Updated: July 6, 2026
Most DOT-regulated employers are enrolled in a testing program. Most are not audit-ready. There is a significant difference between the two, and DOT auditors see that gap consistently.
A DOT compliance audit does not test whether you have a testing program. It tests whether your program is being executed correctly, on time, and with documentation that proves it. Enrollment is the starting point. What auditors evaluate is everything that happens after enrollment: whether random selections are conducted correctly, whether safety-sensitive employees are in the pool, whether records can be produced on demand, and whether every violation was handled according to federal requirements.
This guide covers what DOT auditors actually review, where employers most commonly fail, and what audit-ready looks like in practice. If you manage a DOT-regulated workforce and want an honest assessment of where your program stands, this is the right place to start.
Key Takeaways
- DOT audits evaluate execution and documentation, not intent. Being enrolled in a testing program is not sufficient. Auditors verify that the program is being managed correctly and that records support every action taken.
- The most common audit failures are not missed tests; they are documentation gaps: missing notification records, inconsistent random pool rosters, incomplete post-accident documentation, and missing supervisor training certificates.
- Auditors operate on a simple standard: if it is not documented, it did not happen. Records produced after an audit request carry significantly less weight than records maintained in the ordinary course of program management.
- Clearinghouse compliance is an active audit item for FMCSA-regulated employers. Auditors verify that required queries were run, that violations were entered, and that return-to-duty activity is correctly recorded.
- Employers who work through a C/TPA are still responsible for maintaining their own records and audit-readiness. The C/TPA helps manage the program but the ultimate responsibility lies with the employer.
- DOT audits can be triggered by new entrant reviews, incident follow-ups, or compliance checks, and they can occur with minimal advance notice. Audit readiness is not a one-time exercise; it is a continuous program management standard.
What Triggers a DOT Audit
DOT compliance audits are conducted by DOT agency safety investigators. This is true for all divisions of the DOT (FMCSA for motor carriers, but also by FAA, FTA, FRA, and PHMSA) depending on the regulated industry. Common triggers include:
- New entrant safety audits, which are required for new motor carriers within the first 12 months of operation
- Compliance reviews initiated following a reportable accident, violation finding, or complaint
- Follow-up audits conducted after prior findings to verify corrective action
- Targeted compliance checks based on safety data, out-of-service rates, or other indicators
- Random compliance reviews across regulated employer populations
For FMCSA-regulated employers, Safety Measurement System (SMS) data and Compliance, Safety, Accountability (CSA) scores can increase the likelihood of a compliance review. Employers with elevated BASIC scores in the Controlled Substances and Alcohol category are more likely to receive an audit request.
Regardless of the trigger, the employer is expected to respond to audit requests promptly and produce documentation on demand. Delays in producing records are not treated neutrally by auditors.
What DOT Auditors Actually Review
DOT drug and alcohol audits are documentation audits. Auditors are not evaluating your intent or your policies in isolation. They are verifying that your program produced the correct actions, at the correct times, and that those actions are documented. The following are the primary areas auditors examine:
Random Testing Records
Random testing is the most audited component of a DOT drug and alcohol program. Auditors verify that selections were conducted at the required annual rate for the applicable DOT agency, that the selection method was scientifically valid, and that all safety-sensitive employees were included in the pool throughout the year.
Auditors request selection records for the audit period, typically within the prior two calendar years. Those records must show who was selected, when, how they were notified, when they tested, and what the result was. A selection that cannot be traced from notification through result is a documentation failure, regardless of whether the test was conducted.
Roster management is a common weak point. Auditors look for employees who performed safety-sensitive functions but were not in the testing pool, and for employees who were included in the pool after they stopped performing safety-sensitive work. Both represent compliance failures.

Employee Notification Records
Documenting when an employee was notified and directed to report for random testing is a strongly recommended best practice, though it is not an explicitly required element under 49 CFR Part 40. Maintaining notification records helps demonstrate that the test was unannounced, which is a core requirement of the random testing framework. Employers who cannot show when or how an employee was notified are in a weaker position if a selection or test outcome is ever questioned.
The most defensible approach is to document the notification date, time, employee name, and test reason at the time of notification. Records created after the fact carry significantly less weight than those maintained in the ordinary course of program management.
Post-Accident Testing Documentation
Post-accident testing is one of the highest-risk areas for audit findings. The FMCSA requires that drug and alcohol testing be initiated as soon as possible following a qualifying accident. Testing should be completed within 2 hours of the accident; if unsuccessful efforts should cease after eight hours for the alcohol test and 32 hours for the drug test. The employer must document both the timing of the test and, if testing was not completed within the required window, the reason why.
Auditors request post-accident testing records for every qualifying accident in the audit period. Missing documentation, or documentation showing testing occurred outside the required window without a documented explanation, results in audit findings.
Supervisor Training Records
DOT regulations require that supervisors who make reasonable suspicion testing determinations complete two hours of training: one hour on controlled substances and one hour on alcohol. That training must be completed before the supervisor makes a reasonable suspicion referral. Documentation of when each supervisor completed training, and what the training covered, must be maintained and produced during audits.
Supervisor training records are audited for both existence and currency. A supervisor who completed training years ago may still have a valid record if no retraining requirement has triggered. But employers who cannot locate training records, or whose records show supervisors made reasonable suspicion referrals before completing required training, face findings. See PROCOM’s supervisor training services for more.
FMCSA Clearinghouse Records
For FMCSA-regulated employers, Clearinghouse compliance is an active and increasingly detailed audit item. Auditors verify that:
- A full Clearinghouse query was conducted for every new driver before their first safety-sensitive assignment
- Annual limited queries were conducted for all current drivers
- Violations were entered into the Clearinghouse within required timeframes
- Return-to-duty activity was correctly recorded, including SAP evaluations, return-to-duty test results, and follow-up testing completion
Clearinghouse audit findings have become more frequent as FMCSA enforcement has focused on Clearinghouse compliance. Employers who have not established structured query and reporting processes are frequently unprepared for this component of the audit.
Return-to-Duty and Follow-Up Testing Documentation
If any employee has had a DOT drug or alcohol program violation during the audit period, auditors will review the complete return-to-duty record for that employee. This includes the SAP evaluation documentation, the directly observed return-to-duty test result, and the follow-up testing calendar with documentation of each completed follow-up test.
Under 49 CFR Part 40.309, the SAP must specify a minimum of six unannounced directly observed follow-up tests in the first 12 months following return to safety-sensitive duty. Auditors verify that the follow-up testing schedule was administered correctly and that each test was completed within the timeframes specified.
Recordkeeping
DOT drug and alcohol testing records must be retained in accordance with specific federal schedules. Most records must be retained for five years. Negative and canceled test results are retained for two years. Auditors expect employers to produce records immediately. Employers who cannot locate records, who must contact their C/TPA to retrieve documentation, or who produce records that are disorganized or incomplete, create a negative impression that affects how auditors evaluate the overall program.
A common misconception is that working with a C/TPA eliminates the employer’s recordkeeping responsibility. It does not. The C/TPA maintains records on behalf of the employer, but the employer remains independently responsible for ensuring those records exist, are accurate, and can be produced on demand.
Enrolled vs. Audit-Ready: What the Difference Looks Like
Enrollment in a DOT-compliant testing program means you have access to the infrastructure: a consortium pool, a C/TPA managing random selections, a collection network, and MRO review for results. It means the program exists.
Audit-readiness means the program is running correctly, quarter after quarter, and that every action the program requires has been documented at the time it occurred. The distinction shows up most clearly in four areas:
Roster accuracy: An audit-ready employer’s pool roster exactly matches the current list of safety-sensitive employees. Employees who entered safety-sensitive roles are in the pool from day one. Employees who leave are removed promptly. An enrolled employer may have a pool that drifts from reality over time as the roster is not actively maintained.
Notification documentation: An audit-ready employer maintains written records of random notifications as a best practice, including the date, time, and employee notified. While not explicitly required under Part 40, these records demonstrate that selections were conducted correctly and tests were unannounced. An enrolled employer may conduct notifications but document them informally or not at all, leaving a gap that is difficult to explain if a selection is questioned.
Again, not sure this is a requirement.
Centralized records: An audit-ready employer can produce chain-of-custody forms, MRO result reports, selection records, and training certificates within minutes of an audit request. An enrolled employer may need to contact multiple parties to reconstruct records that should be immediately available.
Clearinghouse compliance: An audit-ready employer has a documented process for pre-employment queries, annual limited queries, and violation reporting. An enrolled employer may be conducting testing correctly but have no structured Clearinghouse query process in place.

What to Do Before a DOT Audit
The steps below are not a pre-audit checklist to complete in the days before an auditor arrives. They are ongoing program management responsibilities that should be fulfilled continuously throughout the year. An auditor will quickly recognize documentation that was assembled or reconstructed in response to an audit notice, and that recognition works against the employer. True audit readiness is built over time through consistent program execution, not through last-minute preparation. With that said, reviewing these areas regularly is a useful way to identify gaps before an auditor does:
Pull your random selection records for the prior 24 months and verify that selections were made at the required rate, that all safety-sensitive employees were in the pool, and that every selection has a corresponding notification record and completed test result.
Confirm your roster matches reality. Compare your current testing pool roster to your actual list of safety-sensitive employees. Identify anyone who should be in the pool but is not, or who is in the pool but has left the safety-sensitive role.
Locate supervisor training records for every supervisor who has authority to make reasonable suspicion referrals. Verify that each record shows the required two hours of training and the date it was completed.
Run a Clearinghouse audit for FMCSA-regulated programs. Confirm that pre-employment queries were conducted for every driver hired in the audit period, that annual limited queries have been run for all current drivers, and that any violations were entered within required timeframes.
Review post-accident records for any qualifying accidents in the audit period. Confirm that testing was initiated within required timeframes and that documentation of the timing and outcome exists.
Confirm return-to-duty records for any employee who had a violation. Verify that SAP evaluation documentation, the RTD test result, and follow-up testing records are complete and organized.
For a more detailed self-assessment organized around the DER’s specific responsibilities, see the DER Audit Readiness Checklist.
How PROCOM Supports DOT Audit Preparation
PROCOM manages the operational infrastructure of DOT drug and alcohol testing programs for employers across Colorado and nationally. This includes random pool management, selection draws, collection coordination, MRO review, Clearinghouse support, and audit-ready documentation maintained throughout the year.
For employers who want to assess their current program before an audit, PROCOM’s team can review your program structure, identify documentation gaps, and help establish processes that close those gaps before they become audit findings. See Consortium and TPA Services for a full overview of how PROCOM manages DOT compliance programs.
PROCOM provides:
- ✔ Full C/TPA program management – random pool, selections, collection coordination, and documentation
- ✔ In-house MRO services for faster result turnaround
- ✔ Clearinghouse support for FMCSA-regulated employers
- ✔ DER support and direct access – no ticketing system
- ✔ Audit-ready documentation maintained throughout the year, not assembled in a panic when auditors arrive
- ✔ 24/7 after-hours testing for post-accident and urgent situations
Contact PROCOM to discuss your current program or establish a new one. Consortium and TPA Services | Contact PROCOM
📞 303-325-3010 | 📧 michelle@procomtesting.com
Related Services: Consortium and TPA Services | DER Support Services | DOT Drug and Alcohol Testing | Supervisor Training | View All Services
Related Content: DER Audit Readiness Checklist | DER Responsibilities Under 49 CFR Part 40 | How DERs Work with TPAs and MROs | Random Drug and Alcohol Testing Programs
Compliance Resources: 49 CFR Part 40 | FMCSA Drug and Alcohol Rules | FMCSA Clearinghouse | DOT Agency Requirements
Service Areas: Denver | Colorado Springs | Pueblo | Grand Junction | Glenwood Springs | View All Service Areas
Regulatory Disclaimer: This content is provided for general informational and educational purposes regarding DOT and workplace drug and alcohol testing requirements. It does not constitute legal advice, official DOT regulatory interpretation, or company-specific compliance guidance. DOT drug and alcohol testing regulations are established under 49 CFR Part 40 and DOT agency-specific regulations and are subject to amendment. Always verify you are applying current regulations and consult qualified legal counsel for definitive compliance requirements. PROCOM Testing provides DOT and non-DOT drug and alcohol testing services in accordance with 49 CFR Part 40. Compliance with drug and alcohol testing regulations is the employer’s responsibility.
PROCOM Testing | DOT-Qualified Collectors | SAMHSA-Certified Lab Partnerships | In-House MRO Services
Frequently Asked Questions About DOT Audits
DOT compliance audits for drug and alcohol testing programs review random selection records, employee notification documentation, post-accident testing records, supervisor training certificates, MRO result reports, Clearinghouse query and reporting records for FMCSA-regulated employers, and return-to-duty documentation for any employees who had violations during the audit period. Auditors are verifying that the program was executed correctly and that documentation exists for every required action.
Notice periods vary depending on the type of audit and the agency conducting it. New entrant audits for motor carriers are typically scheduled in advance. Compliance reviews following an incident may provide minimal advance notice. Some audits are conducted with little to no warning. Employers who maintain audit-ready records throughout the year are not disadvantaged by short notice periods. Employers who must reconstruct records when an audit is announced are at significant risk regardless of how the program actually operated.
Not automatically. A C/TPA manages the operational infrastructure of your testing program, pool management, selections, collection coordination, and recordkeeping support. But the employer remains independently responsible for audit readiness. This means the employer must maintain their own organized records, confirm that the roster is accurate, ensure that Clearinghouse obligations are being met, and be able to produce documentation on demand without relying entirely on the C/TPA to retrieve records during the audit.
The most common audit failures are not missed tests; they are documentation gaps. Missing random notification records, inconsistent pool rosters with employees who should be in the pool but are not, incomplete post-accident testing records, missing supervisor training certificates, and Clearinghouse compliance gaps are the issues that produce the most findings. Employers who assume their C/TPA is handling documentation and never verify that assumption are frequently unprepared when auditors arrive.
The outcome depends on the severity of the findings and the regulatory agency. Minor documentation deficiencies may result in a warning or a corrective action plan with a follow-up audit scheduled to verify resolution. More serious findings, such as safety-sensitive employees operating without required pre-employment tests, violations that were not addressed, or systematic failures to conduct required testing, can result in civil penalties, out-of-service orders, or referral for enforcement action. FMCSA has the authority to issue civil penalties for drug and alcohol testing program violations under 49 CFR Part 382.
Most DOT drug and alcohol audits focus on a 12-month audit period, though auditors may go further back when a specific incident or prior finding warrants it. The federal recordkeeping schedule requires that most drug and alcohol testing records be retained for five years, and auditors may request records going back to the full retention period if circumstances warrant. Employers should maintain organized records for the full retention period, not just the most recent 12 months.
Yes. PROCOM can help employers assess what records exist, identify documentation gaps, and prepare the materials that auditors are likely to request. However, records that were not created at the time of each testing event cannot be reconstructed retroactively. The most effective preparation is ongoing program management that produces audit-ready records as a matter of routine, not a response to an imminent audit. If an audit has been announced, contact PROCOM immediately to assess the situation and prepare the best possible response.


