Understanding the Audit Process

The Training Accreditation Council's (TAC's) audit process aims to ensure the compliance of a Registered Training Organisation (RTO) with the Standards for RTOs and TAC policies.
Last updated:

The sections detailed below provide information to assist RTOs to understand the audit process.

Additional information on the audit process is available in the:

  Preparing for Audit webinar

  Renewal of Registration webinar

TAC Audit Objectives

The primary objective of an audit is to establish that the RTO or applicant is, at a minimum, meeting the applicable Standards for RTOs. TAC engages an external panel of Auditors to undertake audit services on its behalf.  These Auditors will need to sight tangible evidence that demonstrates how the RTO or applicant meets compliance with the applicable Standards being audited.

The purpose and scope of a TAC audit will depend on the type of audit, e.g., initial registration, amendment to scope or renewal of registration. The audit will focus on a range of business practices within the audit scope and will most likely involve:

  • visual inspection/site visits;
  • review of documentation;
  • interviews with students, staff and other stakeholders; and
  • tracking the student's journey and records from pre-enrolment to post completion.

Category of Audit

Once registered, the audits that could occur during an RTO's registration include:

  • audits required as a result of changes to the RTO's scope of registration; and
  • audits commissioned by TAC as part of its ongoing risk management approach;

The extent to which each RTO is monitored and audited by TAC during its registration period is based on an assessment of risk to the quality of training and assessment outcomes and the national VET sector.  The process for doing this is described in the TAC Risk Framework

There are a number of different types of audit that may be scheduled by TAC, and these fall into two categories: audits resulting from applications and those initiated by TAC. 

Audits Resulting from Applications

When an application is received, the TAC will undertake a desktop review to determine if the application is complete. If the application requirements have been met, TAC will conduct a risk assessment to determine whether an audit is necessary in line with the TAC Risk Framework and Regulatory Strategy   

Based on the outcome of the risk assessment an audit may be required. 

Audits resulting from applications include:

  • Initial registration audits
  • Amendment to scope audits
  • Renewal of registration audits

Audits Initiated by TAC

Audits initiated by TAC are undertaken most commonly to monitor compliance or respond to an identified risk. Should your RTO require an audit you will be notified in writing of the type of audit to be undertaken and the reason for it.

The different categories of TAC initiated audits include:

Monitoring audits

In some instances an RTO will be required to undergo a monitoring audit. Monitoring audits are generally targeted audits endorsed by TAC that focus on specific training products or Standards.  These audits are often initiated to ensure that the actions proposed by an RTO to rectify non-compliances have been deployed, or to address particular training areas or concerns that have been raised by industry.

Complaint audits

TAC only investigates complaints that relate to an RTO's compliance with the Standards for RTOs.  An audit can be initiated in response to a complaint if an internal review determines that there are grounds for further investigation or that there are potential breaches of the Standards. The RTO will be advised of the complaint and the process for the investigation.

Information about complaint audits is available in the TAC Complaints Policy

Strategic Reviews

Strategic Reviews provide an in-depth analysis of systemic issues pertaining to a specific industry area or other systemic VET issues.  The consideration of risk at the local level allows WA to respond to locally or nationally identified quality issues and intervene in a timely manner.

Please find a copy of the TAC Regulatory Strategy

Strategic Review reports previously undertaken by TAC can be found on the Strategic Review Reports page. 

Compliance Monitoring Audits

Compliance Monitoring Audits (CMA) allow for the monitoring of compliance with the Standards for RTOs as a result of non-compliances identified at previous audits or when seeking removal of a suspension.

RTOs will be considered for a CMA if one or more of the following criteria applies:

1. When an RTO has been found critically non-compliant at audit.

2. When two consecutive significant or critical non-compliant outcomes have been identified at audit against the same training product/s or industry area within a three-year period.

3. When the Council has determined that the outcome of an audit indicates that a broader audit sample is required due to the identification of risks that could be detrimental to those undertaking VET with the provider.

4. On application from an RTO for reassessment of the Council's decision to suspend a provider's registration.

If the RTO meets the criteria, the matter will be sent to the Council for consideration.

All CMAs endorsed by the Council will be charged in line with the CMA fees schedule.

Further information is available in the CMA policy 

Audit as a Regulatory Tool

TAC implements a continuous audit strategy through its Regulatory Strategy ensuring that issues are responded to as they arise. This strategy aligns with and complements the national regulatory approach to risk management.

An audit is a planned, systematic and documented process used to assess an RTO or applicant's compliance with the Standards. It provides an RTO with valuable information about the quality of its training, assessment, client services and the management systems it uses to meet its regulatory obligations and achieve quality outcomes.

Audit Method

There are three audit methods:

  • site audits;
  • hybrid audits; and
  • desk audits.

Auditors are required to apply the audit principles, which includes natural justice and procedural fairness in the planning, conduct and reporting of all audits, regardless of the type of audit or audit method applied.

The method of audit is determined in line with TAC's risk approach.

Site Audit

A site audit is an audit that includes a visit to the RTO or applicant’s physical premises. It allows the Auditor to collect, through interviews and observation, a broad range of evidence to determine the extent to which an RTO or applicant complies with the Standards for RTOs.  In most cases, the process for a site audit can be viewed in the following flowchart:


Hybrid Audit

A hybrid audit is an audit that is conducted off site, but involves interviews and an inspection of the RTO or applicant’s physical premises and resources via videoconference. In most cases, the process for a site audit can be viewed in the following flowchart:

 Flowchart - Hybrid Audit Process.pdf


Desk Audit

A desk audit is an audit that is conducted off site, but may involve email or telephone contact with the RTO or applicant. A desk audit may be used where a physical inspection is not required. In most cases, the process for a desk audit can be viewed in the following flowchart:

TAC Audit Principles

The following five principles underpin the way TAC audits are conducted. They provide a reference point for RTOs, applicants and Auditors for the conduct of audits.

For further information, click on the audit principles below:


Audits are conducted in a systematic manner based on an audit sampling strategy to ensure that the audit findings, conclusions and recommendations accurately represent the organisation’s operations.

Audits are planned with all members of the audit team aware of their roles and responsibilities.

RTOs or applicants can also contribute to the audit process through their own pre-audit planning and preparation, ensuring necessary staff, resources and evidence are available for the audit to progress smoothly.

TAC determines the scope and schedule of audits based on identified risks, in accordance with the TAC Risk Framework and Regulatory Strategy 

Using this information TAC will determine:

  • the Standards and clauses to be audited;
  • the training product/s to be audited;
  • whether the audit is to be a desk audit or a site audit;
  • the delivery sites to be visited as part of the audit;
  • the audit team members required to conduct the audit such as co-auditors, observers and technical experts.

Depending on the type of audit, Auditors in conjunction with TAC, may determine where relevant:

  • the staff and students to be interviewed or surveyed;
  • the range of student files to be examined; and
  • the training and assessment materials to be examined.

Outcomes Focused​

For established RTOs, outcomes are the result of strategies implemented to achieve quality training, assessment, client services and management systems. The primary role for the Auditor is to determine, from evidence provided by the RTO, whether the deployment of the RTO’s processes meet the requirements of the Standards for RTOs.  The RTO's scale, scope, student cohort and the approach to the management of its operations, in particular the systems it has in place to ensure continuous improvement, will also provide evidence of whether the outcomes achieved are sustainable. 

To focus on outcomes, the audit process reviews evidence provided by each RTO about what has been achieved against the Standards for RTOs. There is no 'one-size-fits-all' approach to compliance – the audit outcome will be based on whether the RTO’s systems are working as intended and meeting the requirements of the Standards.

The Auditor will consider whether: 

  • the RTO’s evidence has met the requirements of each Standard or clause; and
  • results were achieved through the planned and systematic deployment of specific actions taken by the RTO.

The audit will also check for the deployment of RTO policies and procedures, and the effectiveness of these policies and procedures in achieving quality outcomes and good governance. If the RTO is not achieving anticipated outcomes, the audit may then focus on processes being used by the RTO to identify and resolve any issues. 

  The Users’ Guide to the Standards for RTOs suggests a range of evidence that RTOs may choose to present to demonstrate their business practices and how compliance with the Standards is being maintained. 

For new applicants seeking registration, the audit considers whether:

  • the applicant has met the requirements of each Standard and clause;
  • the planned approach to achieving quality outcomes is systematic;
  • the applicant is sufficiently aware of the VET environment in which it will operate; and
  • the intent of the planned business practices are achievable and sustainable.

Evidence Based

​Audit findings in relation to an RTO's compliance with the Standards for RTOs are based entirely on the evidence available to the Auditor.

Auditors do not have preconceptions about the form that evidence may take, therefore it is up to the RTO or applicant to present evidence based on their business model and training and assessment practices.

Judgements about whether evidence demonstrates compliance are guided by consideration of these questions:

  • Is the evidence valid - is it reflecting the requirements identified in the Standard or clause that is being audited?
  • Is the evidence sufficient – is it sufficiently addressing the requirements enabling a fair and reasonable judgement about compliance?
  • Is the evidence authentic? – is it genuine, real and related to actual practice?
  • Is the evidence current - is it relevant to the operations of the provider at the time of the audit and reflects current industry/regulatory requirements?

If there is insufficient evidence for an Auditor to make a finding of compliance, the gaps will be explained by the Auditor by:

  • restating the Standards or clause in relation to the evidence provided;
  • explaining why the evidence is not sufficient (relating to the rules of evidence).

A finding of non-compliance does not always indicate that the organisation is not complying with a particular clause – occasionally it may be due to an absence of evidence available at the time of the audit.

For new applicants seeking registration, the focus of the audit is on intent, as there will have been no deployment of systems or processes to demonstrate compliance. The Auditor's role is to check and confirm sufficient evidence is presented to demonstrate that the applicant has the capacity to operate effectively as an RTO and have the capacity to operate as an RTO immediately following the audit. 


RTOs vary in size and scope, from a one-person provider delivering units of competency in a niche market in one location, to a large RTO with numerous qualifications on its registration offered state-wide. The diversity of RTOs includes private RTOs, community RTOs, enterprise-based RTOs, industry-based RTOs, TAFEs and schools.

This diversity means that there is no 'one size fits all' approach to evidence of compliance. The Auditor must be open to considering the different forms of evidence that each RTO may provide to support making a judgement about compliance with the Standards and clauses.  

​Fair, Open and Transparent

The RTO's legally responsible person identified by the RTO or applicant is informed about the audit in advance and given an opportunity to provide evidence of compliance in a form suited to the RTO's operations.

The RTO or applicant will also be advised who they can contact in the TAC Secretariat if they have any questions or concerns before the audit including any conflict of interest with the Auditor.

For site audits, the audit schedule will be communicated between the RTO or applicant and Auditor.  The process is confirmed at the entry meeting between audit team and RTO/applicant. The legally responsible person, senior management and/or delegate are required to attend the entry and exit meetings with the audit team as part of the site audit process.

Auditors will provide information about their role when interviewing staff or clients. The Auditor will also explain how the information participants provide will contribute to judgements about compliance with the Standards for RTOs. 

If the audit takes more than one day, a brief meeting at the close of each day may be scheduled to inform the RTO of any issues that have arisen during the day. On completion of a site audit, the Auditor will provide the organisation with an verbal summary of the audit findings during the exit meeting. The Auditor must inform the RTO or applicant that the information provided at the exit meeting is a preliminary assessment only, and that the official audit report will include more comprehensive information on the audit findings. Auditors are not required to provide a verbal summary of audit outcomes for desk audits.

Following any audit, the Auditor will prepare a report which is submitted to TAC for consideration. Should any non-compliances be identified, the RTO will be formally notified by the TAC.