ASQA's auditing approach

ASQA conducts compliance audits to assess RTOs’ ongoing compliance with:

Student-centred auditing approach

We apply a student-centred approach when auditing RTOs and CRICOS providers.

This approach focuses on the practices and behaviours of training providers regarding the five key phases of the student learning experience:

  1. Marketing and recruitment
  2. Enrolment
  3. Support and progression
  4. Training and assessment
  5. Completion

These student experience phases, along with a provider’s regulatory and governance responsibilities, are assessed for compliance against standards and clauses in the following legislative instruments:

CRICOS and ELICOS providers are also assessed against the Education Services for Overseas Students Act 2000 (ESOS Act), and, where relevant, the ELICOS Standards 2018.

The following table shows how we map the key standards and clauses against the phases of the student journey and regulatory and governance responsibilities.

Key phases of the student journey.
Find out more about the student-centred approach in our fact sheet.

When might ASQA conduct a compliance audit?

ASQA will generally conduct a compliance audit:

  • within two years of initial registration—a post-commencement check to ensure everything is operating as it should, or
  • when a risk intelligence assessment has determined there is risk of an RTO failing to meet its regulatory obligations.

An audit, including site inspection, may also be undertaken as part of the registration application process.

How does ASQA decide which RTOs or providers need auditing?

ASQA usually conducts an audit when concerns about an RTO or provider arise as part of our risk intelligence gathering processes.

Every RTO and CRICOS provider in Australia has a provider risk profile within ASQA’s centralised database. We regularly update these profiles with new information sourced from our risk intelligence gathering measures.

We gather this risk intelligence information from a range of sources, including:

  • environmental scans—monitoring of the internal and external environment for potential threats
  • current and former students—via surveys, interviews and verified complaints
  • government and industry reviews and findings.

When alerted to concerns about an RTO or provider's activity, we analyse the information using an assessment matrix, as outlined in our Regulatory Risk Framework. We allocate potential risks a rating of low, medium, high or extreme. This rating guides our decision on whether to audit a provider or not.

If we consider an audit necessary, the risk intelligence information gathered will:

  • inform the scope of the audit
  • identify primary areas of concern
  • support, or identify any variance from, the evidence provided during the audit process.

This intelligence-led, risk-based regulatory approach means that a provider review is less likely to be triggered by an application and more likely by events, such as credible and reliable provider reports or unusual provider activity.

Was this page helpful?