Aged Care Quality and Safety Commission Audits: What Providers Must Have Ready | NoteGate™
NoteGate Aged Care Act 2024 Commission audits

Aged Care Quality and Safety Commission audits: what providers must have ready

The Aged Care Quality and Safety Commission has significantly expanded its audit posture under the Aged Care Act 2024. Auditors now assess outcomes for individual people receiving care — not just the existence of policies. Documentation is the primary evidence auditors review. This guide covers how the Commission conducts audits, what records it requests, the gaps that most commonly trigger findings, and how providers build audit-ready documentation systems.

Last updated: 10 May 2026

Commission audit posture

How the Commission conducts audits under the new Act

The Aged Care Quality and Safety Commission operates under a risk-based regulatory model. Scheduled performance assessments occur at minimum every three years for residential aged care providers and home service providers, but the Commission can conduct unannounced audits at any time — and the Aged Care Act 2024 has significantly strengthened the Commission's powers to do so. Under the new Act, the Commission can issue compliance notices, accept enforceable undertakings, impose civil penalties, and suspend or revoke approved provider status. The regulatory stakes for documentation gaps are higher than they were under the previous framework.

The Commission's audit approach has also shifted in character. Under the strengthened Quality Standards, auditors assess whether care outcomes are actually being achieved for each individual person receiving care — not just whether systems and processes exist. In documentation terms, this means auditors look for evidence that each person's care plan is being followed, their goals are being supported, their preferences are being respected, and their health and wellbeing are being monitored over time. A folder of blank compliant templates does not satisfy this standard — the records must show what actually happened.

Unannounced audits are most commonly triggered by complaints received by the Commission, SIRS reports indicating serious harm, notifications of significant incidents, referrals from the Department of Health and Aged Care, or indicators from provider performance data. Providers have no guaranteed notice period before an unannounced inspection, which means audit-ready documentation is not something providers can create in response to a scheduled assessment — it must exist every day.

Common record requests

What the Commission typically requests in aged care audits

Commission auditors request records based on the audit scope, but certain categories appear in almost every performance assessment. Understanding what auditors look for helps providers prioritise their documentation systems around the records most likely to be reviewed.

Individual care plans and care plan review records

Auditors verify that each person has an up-to-date care plan that reflects their current needs, preferences, and goals, and that the care plan has been reviewed at the prescribed frequency. They look for records showing that the person (and, where relevant, their representative) participated in the care planning process. Outdated care plans or plans that have not been reviewed within the required period are a common finding under Standard 2 (The Person) and Standard 5 (Clinical Care).

Shift notes and daily care records

Shift notes are the most frequently reviewed category of record in Commission audits. Auditors sample notes across the review period to assess whether care observations are specific and person-centred, whether changes in condition are identified and escalated, whether goals are being actively supported, and whether the care being documented matches the care plan. Vague or template-style notes — "participant was calm and cooperative, shift uneventful" — consistently fail to satisfy auditors that adequate care is being delivered and monitored.

Incident records and SIRS documentation

Auditors review the incident register and cross-check incident records against SIRS notifications submitted to the Commission. They look for completeness of incident documentation, timeliness of reporting, and adequacy of the provider's response. Auditors also check whether incidents that were not reported to the Commission should have been classified as Priority 1 or Priority 2 SIRS events.

Medication management records

Medication administration records, PRN medication records, and medication review documentation are reviewed against clinical care standards. Auditors look for evidence of medication reconciliation, oversight of PRN use, and documentation of refused medications and the clinical response. Gaps in medication records are a common source of findings under Standard 5.

Records auditors commonly request

  • Individual care plans with review history and person participation records
  • Shift notes and daily care records across a sample period (typically 3–12 months)
  • Incident register and SIRS notification records
  • Medication administration and PRN records
  • Falls register and post-fall assessment records
  • Pressure injury prevention and management records
  • Food and nutrition records for at-risk individuals
  • Behavioural support plans and associated monitoring records
  • Staff training and competency records
  • Complaints register and response records
  • Governance meeting minutes and clinical governance records
Audit preparation

How providers build documentation that survives Commission scrutiny

Providers that perform well in Commission audits share a common characteristic: their documentation is specific, timely, and person-centred by default — not retrofitted before an assessment. The practices that support audit-ready documentation are operational habits, not pre-audit rituals.

Specificity at the point of care

The most consequential documentation quality gap auditors identify is vagueness. A shift note that records specific observations — the person's mood, their engagement with the activity, whether they ate, a reported pain level, the action taken when a concern arose — creates an evidentiary record that survives scrutiny. A note that records "good shift, no concerns" does not. Providers that invest in documentation systems which prompt specific observations at the point of care — rather than allowing narrative drift toward templated language — consistently produce records that auditors find credible.

Continuity of record across shifts

Auditors assess records longitudinally, not just shift-by-shift. A concern identified on a Monday note must appear in subsequent notes — as an active issue being monitored, as an escalation that occurred, or as a resolution with supporting evidence. Providers whose documentation systems enable continuity — where workers completing a note can see what was flagged in the previous shift — create records that tell a coherent story of care. Providers whose notes are disconnected from each other create records that appear to show neglect of identified concerns, even when care was actually delivered.

Alignment between care plans and care records

One of the clearest audit failure patterns is a care plan that describes a person's needs and preferences but daily records that make no reference to those needs or preferences. Auditors look for alignment — they compare what the care plan says should happen with what the shift notes say did happen. Providers that build this alignment into their documentation systems, so that workers see the person's goals and care plan during note completion, produce records that consistently evidence delivery of planned care.

NoteGate validates every note against the person's care plan and active concerns — so auditors see continuity, not gaps, across every shift record.

Download the compliance brief →
Common questions

Commission audit documentation questions

How often does the Aged Care Quality and Safety Commission audit providers?
The Commission does not publish a fixed audit frequency. Scheduled performance assessments occur at minimum every three years for most residential and home service providers. The Commission can also conduct unannounced audits at any time — triggered by complaints, SIRS reports, or performance data indicators. Under the Aged Care Act 2024, the Commission's oversight posture has shifted toward more proactive and more frequent engagement with providers that show compliance risk signals.
What triggers an unannounced Commission audit?
Unannounced audits are typically triggered by a complaint received by the Commission, a SIRS report indicating serious harm, a notification of significant incident, referral from the Department of Health and Aged Care, or a pattern in provider performance data suggesting systemic compliance risk. The Commission may also conduct spot-check visits without a specific trigger as part of its general oversight program. Providers have no guaranteed notice before an unannounced visit.
How far back do Commission auditors go when reviewing documentation?
Commission auditors typically request records covering the previous three to twelve months, depending on the audit scope and the issue under review. For complaint-triggered audits, auditors focus on the period around the alleged incident. For scheduled assessments, auditors sample records across the review period to identify trends, patterns, and systemic issues. Providers should assume that any record created in the past twelve months is potentially reviewable in a standard audit.
What happens if records are missing or incomplete during a Commission audit?
Missing or incomplete records create an evidential gap that auditors treat as a compliance failure unless the provider can offer an explanation and demonstrate the underlying care was still delivered. In practice, auditors assess what is documented — if care is not documented, auditors cannot confirm it occurred. Incomplete records commonly result in findings under Standard 5 (Clinical Care), Standard 6 (Food and Nutrition), Standard 7 (Incidents and Complaints), or Standard 8 (Governance), depending on what the gaps relate to.
What is the Commission's audit posture under the Aged Care Act 2024?
The Aged Care Act 2024 repositions the Commission as an active regulator with stronger enforcement powers, not simply an accreditation body. The strengthened Quality Standards require providers to demonstrate outcomes — not just process compliance. In audits, this means auditors look for evidence that standards are being met for each individual person receiving care, not just that policies and procedures exist. Documentation is the primary evidence auditors use to assess whether care is actually being delivered as claimed.

Related compliance resources

Aged Care Act 2024 overview Documentation obligations reference for providers Strengthened Quality Standards Documentation requirements under Standards 5, 6 and 7 SIRS reporting and shift note evidence How documentation supports incident reporting Care Minutes evidence Making care minutes documentation defensible