Infographic showing the ACQSC new audit process from late April 2026: registration, renewal or variation in categories 4, 5 or 6, with the four-grade rating model (conformance, minor non-conformance, major non-conformance, exceeding) mapped to the strengthened Aged Care Quality Standards.

For most of the last decade, an aged care audit felt predictable. The Commission arrived, sat down with the clinical manager and the CEO, walked through a paper folder of policies, and produced a met-or-not-met finding against the 2018 Quality Standards. That era ended on 29 April 2026. In Quality Bulletin #2-2026, the Aged Care Quality and Safety Commission (ACQSC) confirmed that a new audit process is now in effect for every provider applying to register, renew or vary registration in categories 4, 5 or 6. The old met-or-not-met result has been replaced with a four-grade rating, the evidence list has expanded, and the bar for conformance is materially higher than the 2018 regime.

For a sector that already absorbs a SIRS obligation, the new Statement of Rights, the minimum care minutes rules and the worker screening scheme, the audit process change is the most operationally consequential update since the new Aged Care Act commenced on 1 November 2025. This guide walks through what the new process looks like, who is in scope, the four-grade rating model, and a 60-day preparation plan that any provider can run without hiring additional staff.

What changed on 29 April 2026

The ACQSC describes the new audit process as "more efficient, consistent and transparent" than the previous assessment regime. In practice, three things changed at once:

  1. Audit scope is explicit. Every audit is now run against the strengthened Aged Care Quality Standards that commenced on 1 November 2025. The seven Standards each have detailed Outcomes, and every Outcome is scored individually. There is no overall "met" — only a grade for each Outcome, which is then aggregated into the registration decision.
  2. Graded rating replaces binary met/not-met. Each Outcome receives one of four grades: conformance, minor non-conformance, major non-conformance, or (for category 6 renewals only) exceeding. The grade is driven by the risk the finding poses to the older person receiving care, not just the existence of a documented policy.
  3. Evidence is now front-loaded. Providers must submit a self-assessed evidence pack at the start of the audit window. The on-site review then tests that evidence against observed practice. The Commission has published separate audit guides for initial registration, renewal and variation — each spells out exactly which documents and records the auditor will look for.
The compliance bar moved up. The old regime asked, "do you have a policy for X?" The new regime asks, "show me the policy, show me the evidence the policy was followed in the last 90 days, and tell me what you changed as a result." If your evidence workflow is still a paper folder, the audit will expose it.

Who is in scope of the new audit process

The new audit process applies to providers applying for, or holding, registration in categories 4, 5 and 6 under the Aged Care Act 2024. These categories cover the higher-complexity service types that the Commission considers material enough to warrant a full audit:

  • Category 4 — residential care and flexible care (multi-purpose services), plus home care packages at levels 3 and 4.
  • Category 5 — residential care at lower bed counts, plus home care packages at levels 1 and 2, and the Commonwealth-funded restorative care programs.
  • Category 6 — the highest-complexity services, including residential care at larger bed counts and providers delivering care across multiple service types. Category 6 is the only registration class eligible for the new exceeding rating on renewal.

Providers in categories 1, 2 and 3 are not subject to the new audit process; their registration review is desk-based and uses the lighter compliance assessment under the existing regulatory model.

The four-grade rating model

The most consequential change for providers is the shift from binary met/not-met to a four-grade model. Each Outcome of the strengthened Quality Standards is graded independently, and the grades carry very different weight in the registration decision.

  • Conformance. The Outcome is being met. Evidence is current, observed practice matches documented policy, and the older person is not at material risk. This is the baseline — auditors are now looking for evidence the policy has been actively used, not just filed.
  • Minor non-conformance. A non-systemic, low-risk gap has been identified. The provider is given an opportunity to address the finding within an agreed remediation period. The Commission publishes the minor non-conformance on the provider's register entry until remediation is verified.
  • Major non-conformance. A systemic or high-risk finding, or any non-conformance that poses material risk of harm to the older person receiving care. Major non-conformances can pause a registration renewal and, in serious cases, lead to compliance notices or sanctions under Part 7 of the Aged Care Act.
  • Exceeding (category 6 renewals only). The provider is demonstrating outcomes above the strengthened Standards. Reserved for category 6 renewal audits where the Commission is satisfied that care delivery is sector-leading. Exceeding is not available on initial registration or variation applications.
One major non-conformance can sink your renewal. Unlike the old regime, where a handful of "not met" findings could be tolerated, a single major non-conformance in a high-risk Outcome (Standards 1, 2, 3 or 4) can trigger an immediate compliance direction. Treat the strengthened Standards as one body of work — not seven parallel checklists.

The evidence the auditor will ask for

The Commission has published three separate audit guides — for initial registration, renewal and variation — each of which lists the evidence categories the auditor will request. Across all three guides, the evidence falls into six predictable buckets:

  1. Governance and leadership evidence. Board minutes that record oversight of clinical care, workforce and risk; the current organisational chart; the register of related-party transactions; the provider's documented quality and safety framework.
  2. Workforce evidence. Current WWCC / NDIS Worker Screening clearances for every worker delivering care; training records for the strengthened Standards' workforce Outcomes (especially Standards 5 and 6); supervision and credentialing records for clinical leads.
  3. Care delivery evidence. Care plans with evidence of consumer consultation; incident logs (SIRS, complaints, near misses); medication management records; restrictive practice registers; food safety and nutrition records.
  4. Consumer experience evidence. Statement of Rights acknowledgements; consent records; complaints and feedback registers; evidence the provider has measured and acted on consumer experience data.
  5. Risk and incident evidence. The provider's risk register with current ratings; the SIRS investigation register; the open incident log and the lessons-learned register from the last 12 months.
  6. Financial and prudential evidence. (Category 6 only.) The annual prudential compliance statement, the financial and prudential investment compliance evidence, and evidence of compliance with the new Financial and Prudential Standard.

Across all six buckets, the common thread is currency. Evidence older than 90 days is treated as historical; evidence between 30 and 90 days is treated as current; evidence less than 30 days old is treated as live. A policy approved in March that has not been touched since is a major non-conformance waiting to happen.

The 60-day preparation plan

Whether you are 12 months out from renewal or facing an audit notice next quarter, the same 60-day preparation sequence works. Run it as a single coordinated workstream, not seven parallel ones.

  1. Days 1 to 7 — Map the strengthened Standards to your evidence. Take the seven Standards and 26 Outcomes. For each Outcome, list the documents and records the auditor will request, the owner responsible for the evidence, and the date the evidence was last refreshed. Anything older than 90 days is a red flag.
  2. Days 8 to 21 — Refresh the high-risk Outcomes. Standards 1 (the older person), 2 (the organisation), 3 (the care and services) and 4 (the environment) carry the highest weight in the major non-conformance test. Refresh care plans, complaint registers, restrictive practice records and medication management evidence first.
  3. Days 22 to 35 — Reconcile workforce evidence. Pull the WWCC / NDIS Worker Screening register, training completion records and clinical credentialing files into one view. Any worker delivering care without a current clearance is an immediate major non-conformance against the strengthened Standard 5.
  4. Days 36 to 50 — Run a mock audit. Walk the evidence pack with an independent reviewer (or an external consultant). Have them grade each Outcome under the new four-grade model. Use the results to prioritise the final remediation.
  5. Days 51 to 60 — Close the gaps. Address every major non-conformance identified in the mock audit. Document the change. Update the version-controlled policy register and the evidence-pack index so the auditor sees a clean, current evidence trail.
Don't try to over-engineer this. The Commission is grading evidence currency and observed practice alignment, not the elegance of your policy library. A current, version-controlled, evidence-linked set of 30 policies will beat a beautiful set of 200 policies that nobody has touched since March.

How NovoCove handles this

NovoCove was built for the audit-shaped world that the strengthened Quality Standards and the new ACQSC audit process have created. The same workflow that powers an ACECQA assessment and rating visit or a SIRS Priority 1 incident report is the workflow that powers an ACQSC audit evidence pack. Three things matter most.

First, version-controlled policies and procedures. Every policy in NovoCove carries a version number, an approval date, an owner, and a link to the evidence that it was followed in the last 90 days. When the auditor asks, "show me the policy and the evidence the policy was followed," the answer is one click — not a three-day document hunt.

Second, grading-aware evidence packs. NovoCove maps each Outcome of the strengthened Quality Standards to the evidence it requires and the rating the auditor is likely to give. A live audit-readiness score tells the CEO, weeks before the audit notice arrives, exactly where the major non-conformances are sitting — and which remediation will move the rating from minor to conformance.

Third, one workflow across ACECQA, ACQSC and SIRS. A provider that runs childcare and aged care — and a growing number of NovoCove customers do — gets one evidence workflow across both regulators. The same worker screening register, the same training evidence, the same incident log. Auditors stop comparing notes between agencies, and your team stops maintaining two parallel compliance systems.

The new ACQSC audit process is not going to get simpler. The next round of strengthened Standards guidance is already in development, the new Financial and Prudential Standard adds another layer for category 6 providers, and SIRS for Support at Home providers is still bedding in. The providers who treat the audit process as a workflow problem — not a paperwork problem — will be the ones whose renewals come through clean.

This guide is general information and is not legal advice.

Audit-ready for ACQSC, ACECQA and SIRS in one workflow

NovoCove gives aged care and childcare providers one evidence workflow across the strengthened Quality Standards, SIRS, worker screening, and the new ACQSC audit process — with grading-aware evidence packs, version-controlled policies, and a live audit-readiness score.

Book a demo