Audits are conducted in a systematic manner based on an audit sampling strategy to ensure that the audit findings, conclusions and recommendations accurately represent the organisation’s operations.

Audits are planned with all members of the audit team aware of their roles and responsibilities.

RTOs or applicants can also contribute to the audit process through their own pre-audit planning and preparation, ensuring necessary staff, resources and evidence are available for the audit to progress smoothly.

TAC determines the scope and schedule of audits based on identified risks, in accordance with the TAC Risk Framework and Regulatory Strategy. Using this information TAC will determine:

• the Standards and clauses to be audited;
• the training product/s to be audited;
  
• whether the audit is to be a desk audit or a site audit;
• the delivery sites to be visited as part of the audit;
• the audit team members required to conduct the audit such as co-auditors, observers and technical experts.

Depending on the type of audit, Auditors in conjunction with TAC, may determine where relevant:

• the staff and students to be interviewed or surveyed;
• the range of student files to be examined; and
• the training and assessment materials to be examined.
  

​For established RTOs, outcomes are the result of strategies implemented to achieve quality training, assessment, client services and management systems. The primary role for the Auditor is to determine, from evidence provided by the RTO, whether the deployment of the RTO’s processes meet the requirements of the Standards for RTOs.  The RTO's scale, scope, student cohort and the approach to the management of its operations, in particular the systems it has in place to ensure continuous improvement, will also provide evidence of whether the outcomes achieved are sustainable. 

To focus on outcomes, the audit process reviews evidence provided by each RTO about what has been achieved against the Standards for RTOs. There is no 'one-size-fits-all' approach to compliance – the audit outcome will be based on whether the RTO’s systems are working as intended and meeting the requirements of the Standards.

The Auditor will consider whether: 

The audit will also check for the deployment of RTO policies and procedures, and the effectiveness of these policies and procedures in achieving quality outcomes and good governance. If the RTO is not achieving anticipated outcomes, the audit may then focus on processes being used by the RTO to identify and resolve any issues. 

The Users’ Guide to the Standards for RTOs suggests a range of evidence that RTOs may choose to present to demonstrate their business practices and how compliance with the Standards is being maintained. 

​Audit findings in relation to an RTO's compliance with the Standards for RTOs are based entirely on the evidence available to the Auditor.

Auditors do not have preconceptions about the form that evidence may take, therefore it is up to the RTO or applicant to present evidence based on their business model and training and assessment practices.

Judgements about whether evidence demonstrates compliance are guided by consideration of these questions:

• Is the evidence valid - is it reflecting the requirements identified in the Standard or clause that is being audited?
• Is the evidence sufficient – is it sufficiently addressing the requirements enabling a fair and reasonable judgement about compliance?
• Is the evidence authentic? – is it genuine, real and related to actual practice?
• Is the evidence current - is it relevant to the operations of the provider at the time of the audit and reflects current industry/regulatory requirements?

If there is insufficient evidence for an Auditor to make a finding of compliance, the gaps will be explained by the Auditor by:

• restating the Standards or clause in relation to the evidence provided;
• explaining why the evidence is not sufficient (relating to the rules of evidence).
  

A finding of non-compliance does not always indicate that the organisation is not complying with a particular clause – occassionaly it may be due to an absence of evidence available at the time of the audit.

For new applicants seeking registration, the focus of the audit is on intent, as there will have been no deployment of systems or processes to demonstrate compliance. The Auditor's role is to check and confirm sufficient evidence is presented to demonstrate that the applicant has the capacity to operate effectively as an RTO and have the capcity to operate as an RTO immediately following the audit. 

RTOs vary in size and scope, from a one-person provider delivering units of competency in a niche market in one location, to a large RTO with numerous qualifications on its registration offered state-wide. The diversity of RTOs includes private RTOs, community RTOs, enterprise-based RTOs, industry-based RTOs, TAFEs and schools.

This diversity means that there is no 'one size fits all' approach to evidence of compliance. The Auditor must be open to considering the different forms of evidence that each RTO may provide to support making a judgement about compliance with the Standards and clauses.  

The RTO's legally responsible person identified by the RTO or applicant is informed about the audit in advance and given an opportunity to provide evidence of compliance in a form suited to the RTO's operations.

The RTO or applicant will also be advised who they can contact in the TAC Secretariat if they have any questions or concerns before the audit including any conflict of interest with the Auditor.

For site audits, the audit schedule will be communicated between the RTO or applicant and Auditor.  The process is confirmed at the entry meeting between audit team and RTO/applicant. The legally responsible person, senior management and/or delegate are required to attend the entry and exit meetings with the audit team as part of the site audit process.

Auditors will provide information about their role when interviewing staff or clients. The Auditor will also explain how the information participants provide will contribute to judgements about compliance with the Standards for RTOs. 

If the audit takes more than one day, a brief meeting at the close of each day may be scheduled to inform the RTO of any issues that have arisen during the day. On completion of a site audit, the Auditor will provide the organisation with an verbal summary of the audit findings during the exit meeting. The Auditor must inform the RTO or applicant that the information provided at the exit meeting is a preliminary assessment only, and that the official audit report will include more comprehensive information on the audit findings. Auditors are not required to provide a verbal summary of audit outcomes for desk audits.

Following any audit, the Auditor will prepare a report which is submitted to TAC for consideration. Should any non-compliances be identified, the RTO will be formally notified by the TAC. 

Further information is available on the audit process and timelines for submission of rectification evidence.