ASQA's auditing approach
ASQA conducts compliance audits to assess RTOs’ ongoing compliance with:
- National Vocational Education and Training Regulator Act 2011 (the NVR Act)
- VET Quality Framework (which includes the Standards for Registered Training Organisations (RTOs) 2015)
Student-centred auditing approach
We apply a student-centred approach when auditing RTOs and CRICOS providers.
This approach focuses on the practices and behaviours of training providers regarding the five key phases of the student learning experience:
- Marketing and recruitment
- Support and progression
- Training and assessment
These student experience phases, along with a provider’s regulatory and governance responsibilities, are assessed for compliance against standards and clauses in the following legislative instruments:
- Standards for Registered Training Organisations (RTOs) 2015
- National Code of Practice for Providers of Education and Training to Overseas Students 2018
- ELICOS Standards 2018.
The following table shows how we map the key standards and clauses against the phases of the student journey and regulatory and governance responsibilities.
When might ASQA conduct a compliance audit?
ASQA will generally conduct a compliance audit:
- within two years of initial registration—a post-commencement check to ensure everything is operating as it should, or
- when a risk intelligence assessment has determined there is risk of an RTO failing to meet its regulatory obligations.
An audit, including site inspection, may also be undertaken as part of the registration application process.
How does ASQA decide which RTOs or providers need auditing?
ASQA usually conducts an audit when concerns about an RTO or provider arise as part of our risk intelligence gathering processes.
Every RTO and CRICOS provider in Australia has a provider risk profile within ASQA’s centralised database. We regularly update these profiles with new information sourced from our risk intelligence gathering measures.
We gather this risk intelligence information from a range of sources, including:
- environmental scans—monitoring of the internal and external environment for potential threats
- current and former students—via surveys, interviews and verified complaints
- government and industry reviews and findings.
When alerted to concerns about an RTO or provider's activity, we analyse the information using an assessment matrix, as outlined in our Regulatory Risk Framework. We allocate potential risks a rating of low, medium, high or extreme. This rating guides our decision on whether to audit a provider or not.
If we consider an audit necessary, the risk intelligence information gathered will:
- inform the scope of the audit
- identify primary areas of concern
- support, or identify any variance from, the evidence provided during the audit process.
This intelligence-led, risk-based regulatory approach means that a provider review is less likely to be triggered by an application and more likely by events, such as credible and reliable provider reports or unusual provider activity.