CoordHub provides four audit-ready registers as PDF and CSV exports — designed for NDIS Quality & Safeguards Commission audits and internal governance reviews.

The four registers

RegisterWhat it contains
Risk RegisterCorporate risks, risk scores (5×5 matrix), controls, review dates, risk owners
Supervision RegisterStaff supervision records, dates, supervisors, session notes, effectiveness ratings
Training RegisterStaff training records, completion dates, training types, effectiveness evaluations
CAPA RegisterCorrective and preventive actions linked to incidents, audits, and complaints

Exporting a register

1

Go to Reports in the sidebar

Click Reports, then Compliance.
2

Select the register

Choose the register you want to export — Risk, Supervision, Training, or CAPA.
3

Set filters (optional)

Filter by date range, staff member, or status as needed.
4

Download PDF or CSV

Click Download PDF for a formatted document ready to present to an auditor, or Download CSV for a spreadsheet version.

PDF format

Register PDFs use a two-column layout with your organisation’s name and logo in the header. Each row is numbered and includes all fields required by the NDIS Practice Standards. The PDF is formatted to be placed directly into an audit evidence pack.
These four registers correspond to the key evidence areas assessed in an NDIS Quality & Safeguards Commission audit under the Core Module — specifically governance, incident management, and worker support requirements.

What auditors look for in each register

Risk Register: Auditors check that: (1) corporate risks are documented with a likelihood × consequence score, (2) controls are described for each risk, (3) risks are reviewed regularly (at least annually), and (4) high-rated risks have specific action plans. An empty or recently-created risk register with generic risks is a finding. Supervision Register: Auditors check that: (1) all coordinators have regular supervision (typically monthly for new staff, quarterly for experienced), (2) supervision records include dates, topics discussed, and supervisor details, (3) the coordinator has signed off on each session, and (4) there are no extended gaps (>6 months) without documented supervision. Training Register: Auditors check that: (1) all staff have completed mandatory training (NDIS Worker Orientation Module, organisational induction, mandatory reporting), (2) training records include the date, provider, and a completion certificate or assessment result, and (3) training is refreshed at appropriate intervals (e.g. first aid every 3 years, mandatory reporting annually). CAPA Register: Auditors check that: (1) incidents and complaints have been escalated to CAPAs where systemic issues were identified, (2) CAPAs have been assigned to a responsible person with a due date, (3) CAPAs have been closed with evidence of the corrective action taken, and (4) the same type of incident isn’t recurring (which would indicate the CAPA was ineffective).