Maintaining compliance

A registered training organisation (RTO) must ensure it complies with the conditions of its registration throughout the period of its registration. These conditions can include those that apply to all RTOs and are described within the National Vocational Education and Training Regulator Act 2011, and those imposed by ASQA on the registration of a particular RTO.

RTOs must:

  • comply at all times with the VET Quality Framework, which comprises:
    • the Standards for NVR Registered Training Organisations
    • the Australian Qualifications Framework (AQF)
    • the Data Provision Requirements
    • the  Fit and Proper Person Requirements
    • the  Financial Viability Risk Assessment Requirements
  •  Word Notify ASQA of material changes 
  • give ASQA information that is lawfully requested
  • cooperate with ASQA
  • comply with ASQA’s general directions 
  • comply with any other conditions that ASQA may impose.

RTOs will be notified in writing of any conditions (or changes to conditions) imposed on their registration.

Compliance audits

ASQA conducts compliance audits of RTOs. These audits are risk-based and targeted and are undertaken at ASQA’s discretion with the authority of an ASQA Commissioner.

The focus of compliance audits is to ensure training providers are compliant with the VET Quality Framework and applicable conditions of registration. Compliance audits are conducted at the RTO’s premises. ASQA examines the strategies, resources and materials used to deliver a sample of the qualifications or units of competency in the RTO’s scope of registration. 

The compliance auditor (or audit team, which may include industry specialists) may interview RTO personnel and/or clients to review the:

  • effectiveness of management systems, delivery strategies and other materials
  • adequacy of records retained
  • suitability of facilities and equipment
  • credentials of nominated delivery personnel.

If the RTO does not comply, it has an opportunity (within 20 working days) to provide additional or amended evidence to demonstrate its full compliance. ASQA analyses the additional evidence before it makes a decision about compliance with the VET Quality Framework.

Some providers choose to include 'internal audit' or self-assessment as a part of their strategy for monitoring ongoing compliance. The Continuing registration—self assessment checklist may assist providers to conduct and record information on the self-assessment process.

Read more about ASQA’s audit process:    Audit fact sheet (PDF 130kb)    Audit fact sheet (DOC 776kb.)

What is the difference between a compliance audit and other audits undertaken by ASQA?

Compliance audits are risk-based and targeted, and are undertaken at ASQA’s discretion with the authority of a Commissioner. The focus of compliance audits is to ensure training providers are compliant with the VET Quality Framework and applicable conditions of registration. The cost of ASQA undertaking a compliance audit is charged to the RTO following completion of the audit. Providers subject to a compliance audit will in most cases be advised in advance of the audit. 

Other audits undertaken by ASQA are prompted by applications for initial registration, renewal of registration and change to scope of registration and are referred to as registration audits. The cost of ASQA undertaking a registration audit is included in the relevant application and assessment fee.

Why are compliance audits scheduled?

Compliance audits are scheduled by ASQA to proactively manage risk.Compliance audits may be triggered by different ASQA business processes, such as:

  • a risk assessment
  • the receipt of one or more serious complaints against the training provider, or
  • a recommendation by a Regional Compliance Manager, for example, a recommendation based on the outcome of a finalised registration audit.

Compliance audits are risk-based and targeted, and are undertaken at ASQA’s discretion.

Will providers be told why a compliance audit is being conducted? 

Providers will, in most cases, receive advance notification that a compliance audit of their organisation will be undertaken, and this notification will detail the reasons for the audit. 

In some cases, a compliance audit will be conducted with minimal or no notice, for example:

  • where there is a concern such as a serious health or safety risk
  • where ASQA has concerns about student attendance, or
  • for any other reason that ASQA decides makes such an audit necessary.

What benchmarks will ASQA auditors work towards for compliance audits? 

ASQA intends to develop indicative benchmarks for its auditors to work to when undertaking compliance audits. These benchmarks will be developed once ASQA has collected sufficient data about compliance audits to provide accurate indicative timeframes. 

The time taken to conduct and finalise an audit varies depending on the scope, findings and the amount of time it takes for auditors to locate evidence demonstrating a provider’s compliance or non-compliance against the relevant standards. Providers can contribute to the efficiency of the audit process by thoroughly preparing for a compliance audit.

What risk framework does ASQA use to schedule and manage audits?

ASQA uses a risk assessment approach when assessing applications for registration and monitoring the compliance of providers. 

When an application is assessed, a provider will be risk assessed. The outcomes of this assessment will help to determine if a registration audit is required and the type and scope of  the audit. This may range from a desktop assessment of evidence submitted by a provider to site visits of a provider’s locations.

When monitoring the ongoing compliance of a provider, a provider’s risk rating is one of the triggers which may lead ASQA to schedule a compliance audit. The risk rating may also determine the type and level of audit to be undertaken. Provider risk ratings are assigned by ASQA through an analysis of data against ‘risk indicators’. The risk indicators are:

  • performance (historical performance in meeting compliance requirements)
  • governance (stability and transparency of governance, including financial viability and suitability of management), and
  • profile (size and locations of providers, scope and type of training delivered).

A risk rating is not assigned to an RTO until sufficient data on its performance in delivering training and assessment services, and quality training outcomes, becomes available. For most providers, this is one year after their initial registration with ASQA. Until then, each provider is considered to have a high exposure to risk and is regulated accordingly.

Will ASQA publicly report on its compliance audit activity?

ASQA will report the number of compliance audits undertaken in its annual report, which is published on this site each year after being tabled in Parliament.