The FMCSA reviewer who shows up for your Compliance Review in 2026 is not there to read every page of every driver qualification file. They're going to pull a sample — typically five to ten drivers — and then start asking questions.

That's the part most safety directors aren't prepared for.

Carriers spend months getting their DQ files in order before an audit. They confirm verifications were completed. They make sure signatures are in the right places. What they don't do is prepare to explain the process behind each verification — who made contact, when, how many attempts were required, what happened when an employer didn't respond, and why a particular verification took as long as it did.

FMCSA reviewers don't audit drivers. They audit your verification process. The most common audit failures aren't missing records; they're records that exist but can't survive a follow-up question. This article walks through the specific document requests, follow-up questions, and red flags that appear in FMCSA Compliance Reviews and New Entrant audits — so you can prepare for the audit reviewers actually run, not the one you think they run.

The 3 Audits You Might Face (And What's Different About Each)

Not all FMCSA audits are equal. Understanding which type you're facing — and what distinguishes it — shapes how you prepare.

New Entrant Safety Audit. Every new motor carrier receives this within 12 months of receiving a DOT number. In most cases it's conducted online or by phone: you upload documents through the FMCSA SMS portal, a reviewer checks for basic safety systems, and the result is pass or fail. The reviewer is typically checking for the presence of required programs and records, not drilling into process-level documentation. Employment verification gaps are still findable here, but the scrutiny is lighter than what comes later.

Compliance Review. This is the one that keeps safety directors up at night. Triggered by poor CSA scores, a crash, a complaint, or a pattern of roadside violations, a Compliance Review is conducted in person by an FMCSA safety investigator with significantly more experience than a New Entrant reviewer. The rating outcomes — Satisfactory, Conditional, or Unsatisfactory — have real consequences, including operating authority revocation for Unsatisfactory ratings. Employment verification records under §391.23 are a standard examination area in every Compliance Review.

Focused Review. A narrower investigation targeting a specific BASIC (Behavior Analysis and Safety Improvement Category) where the carrier has elevated scores. If your Driver Fitness BASIC is elevated, expect deep scrutiny of DQ files and employment verification records specifically. The scope is narrower, but the depth of questioning within that scope is greater.

The key variable across all three: reviewer experience and follow-up depth. New Entrant audits are largely document-presence checks. Compliance Reviews are process interrogations.

The Document Requests Reviewers Always Make

When a reviewer sits down with your files, certain requests are standard regardless of audit type. These are the documents you should be able to produce immediately, organized by driver.

§391.23 investigation records. This is the employment verification file for each driver — the actual documentation of outreach to prior employers for the three years preceding hire. "Documentation" means more than a completed form. Reviewers want to see the method of contact (call, email, fax), the date of each attempt, the name of the person who responded, and what was reported. For the full picture of what belongs in this file, see the DOT Driver Qualification File Audit Trail guide covering §391.23 and §391.51.

§391.51 Driver Qualification File. The complete DQ file for each driver in the sample. This includes the driver application (§391.21), motor vehicle record, road test certificate or equivalent under §391.31–391.33, medical certificate, CDL copy, and annual review documentation. Missing or expired documents in a sampled file will be noted as violations.

Drug and alcohol testing records. Pre-employment drug test results, Clearinghouse query confirmation, and random testing program documentation under Part 382. Reviewers check that the Clearinghouse query was run before the driver operated a commercial motor vehicle — not after the first day of work.

Accident register. The §390.15 accident register covering the past three years. Reviewers cross-reference this against driver files to check for undisclosed incidents.

Driver application (§391.21). The signed application listing 10 years of employment history. Reviewers compare the employment history listed here against the verification records in the §391.23 file — if there's an employer on the application with no corresponding verification attempt, that's a finding.

Road test certificate. Or a copy of the driver's CDL as a substitute, per §391.33. Missing road test documentation is one of the more common DQ file violations found in Compliance Reviews.

The Follow-Up Questions That Fail Audits

This is where audits actually go sideways. The documents exist. The verifications were completed. But the reviewer asks a question, and the answer doesn't hold up.

Here are the questions that appear most frequently — and what a good answer looks like versus a failing one.

"Show me the timeline from hire date to verification completion for this driver."

Good answer: A timestamped record showing the verification request was sent within the hiring window, attempts were logged on specific dates, and the verification was completed before or within a documented post-hire period.

Failing answer: "We completed it — it's in the file." With no timestamps, no attempt log, and no way to reconstruct the sequence of events.

Under §391.23, carriers must make a good-faith effort to obtain safety performance history from all employers in the prior three years. The regulation doesn't specify a pre-hire deadline for completion, but reviewers look hard at verifications completed weeks or months after hire with no documented attempt trail. That gap tells a story.

"Why did this verification take 45 days?"

Good answer: An attempt log showing initial contact on Day 1, follow-up on Day 3, a second follow-up on Day 10, documented non-response from the prior employer, and escalation to a secondary contact method.

Failing answer: No attempt log. A single completed form with no record of how many contacts it took to get there.

The good-faith effort requirement under §391.23(c)(2) is not satisfied by a completed verification alone. It's satisfied by documented attempts — including failed ones.

"Who at your company called this employer?"

Good answer: A call log or system record showing the name of the staff member who made contact, the date and time, the name and title of the person who responded, and what was reported.

Failing answer: A handwritten note on a sticky tab. Or nothing — the recruiter who made the call left the company six months ago and took the institutional knowledge with them.

This question exposes one of the most common structural weaknesses in manual verification workflows: the documentation lives in someone's memory or informal notes rather than in a system of record.

"Show me your attempts when employer A didn't respond."

Good answer: A log showing three or more contact attempts across different methods (phone, email, fax), with dates and outcomes documented for each.

Failing answer: "We tried calling but they didn't pick up." No log. No follow-up attempts. No documentation that good-faith effort was made before moving on.

Per §391.23(c)(3), carriers are expected to report non-responsive prior employers to FMCSA. Reviewers know this. When they see a verification file with a single contact attempt and a "no response" notation, they ask what happened next.

"Where is the recording or transcript of this verbal verification?"

Good answer: A call recording or written transcript of the conversation, including the name and title of the person who provided the information, stored in the driver's verification record.

Failing answer: A completed form with "verified by phone" written in the method field. No recording. No transcript. No way to confirm what was actually said or who said it.

FMCSA regulations permit verbal verification — §391.23(c)(2) allows telephone interviews as an acceptable method. But "permitted" doesn't mean "undocumented." A verbal verification with no supporting record is a process gap waiting to be found.

"How do you know the person who answered the phone was authorized to verify employment?"

Good answer: A record showing the contact was the HR director, the safety manager, or another identified individual at the prior employer, with their name and title documented.

Failing answer: "Someone answered and confirmed the dates." No name. No title. No way to establish that the person had authority to provide safety performance history.

This question is less common but appears in deeper Compliance Reviews. It goes to the reliability of the verification, not just its existence.

"What did you do when employer B refused to respond?"

Good answer: Documentation of multiple contact attempts, a notation that the employer declined to provide information, and evidence that the carrier filed a complaint with FMCSA per §391.23(c)(3).

Failing answer: Nothing. The carrier moved on, hired the driver, and has no record of what happened with the non-responsive employer.

"Show me your retention policy and the actual deletion log."

Good answer: A written retention policy consistent with FMCSA requirements — DQ files retained for the duration of employment plus three years after termination — and records that match the policy.

Failing answer: A policy document that doesn't match actual practice, or no policy at all. Reviewers sometimes find files for drivers who should have been retained but were purged, or vice versa.

Illustration for the first concept of the article

The 5 Audit Red Flags That Trigger Expanded Review

Reviewers sample files. But certain patterns cause them to expand the sample — pulling more drivers, asking more questions, and escalating the depth of the review. These are the five most common triggers.

  1. Gaps in the verification timeline. A hire date that precedes the verification completion date by more than a few days, with no documented attempt trail explaining the gap. This is the single most common §391.23 finding in Compliance Reviews.
  2. Missing failed-attempt logs. Completed verifications with no record of how many attempts were required. If every verification in the file looks like it was completed on the first try with no documented outreach history, that's a pattern worth questioning.
  3. Identical-looking templated employer responses. When every employer response uses the same format, the same language, and the same structure, reviewers sometimes question whether the responses are genuine. This is more common when carriers use informal templates that get filled in by recruiters rather than responses generated by the prior employer directly.
  4. Verifications completed before the hire date. An impossible timestamp — a verification dated before the driver submitted an application. This typically indicates a data entry error, but it flags the entire file for closer review.
  5. Retention inconsistencies. Files that should exist don't, or files that should have been purged are still present. Either pattern suggests the carrier's retention practice doesn't match its stated policy.

Pre-Audit Self-Check: 10 Questions to Run on Your Own Files

Run this against a random sample of five to ten drivers before any scheduled or anticipated audit. These are the questions a reviewer would ask.

  • Can I show the exact date each §391.23 verification request was initiated?
  • Do I have a documented attempt log for every driver, including failed attempts?
  • Is the name and title of the person who provided each verification recorded?
  • For verbal verifications, is there a recording or written transcript on file?
  • For non-responsive employers, is there documentation of multiple contact methods and a FMCSA complaint where required?
  • Does the hire date come after — or on the same day as — verification completion, or is there a documented explanation for any gap?
  • Are Clearinghouse query results on file and dated before first day of operation?
  • Does the employment history in the §391.21 application match the employers in the §391.23 verification file?
  • Is there a written retention policy, and do the files in the system match it?
  • For drivers terminated more than three years ago, have files been purged per the retention policy?

If you can't answer "yes" with supporting documentation for every question, you have work to do before a reviewer asks the same questions.

For a deeper look at how to structure the DQ file itself to pass these checks, see the DOT Driver Qualification File Audit Trail guide for §391.23 + §391.51.

Illustration for the second concept of the article

How AI Verification Agents Change Audit Prep

The follow-up questions that fail audits — "who made the call," "show me the attempt log," "where's the transcript" — have a common denominator: they require documentation that manual verification workflows often don't produce.

When a recruiter calls a prior employer, writes down the result on a form, and files it, the documentation trail ends there. The name of the person who answered. The time of the call. The number of attempts before someone picked up. Whether the call was recorded. Whether the person who answered was identified by name and title. None of that exists in a manual workflow unless someone specifically built a system to capture it.

AI verification agents change the equation. Superunit's agents call, email, and fax prior employers automatically — with every outreach attempt timestamped, every call recorded and transcribed, and every employer contact identified by name and title where possible. The result is a verification record that can answer every follow-up question a reviewer might ask: who contacted the employer, when, by what method, how many attempts were required, what was said, and by whom.

That's the structural difference between a manual verification that passes a document-presence check and an AI-generated record that survives a process interrogation.

Other platforms in this space — HireRight, Tenstreet, Foley, DriverFacts — each approach verification documentation differently. When evaluating any platform for FMCSA audit readiness, the questions to ask are the same ones a reviewer would ask: does the system produce an attempt log, a contact record, and a transcript or recording for every verification? For a broader look at audit-ready documentation across DOT verification platforms, see more articles in the Superunit blog.

For carriers building or rebuilding a compliant verification workflow from scratch, see the FMCSA-compliant DOT previous employment verification guide.

Frequently Asked Questions

What does an FMCSA Compliance Review actually examine?

An FMCSA Compliance Review is an in-person examination of a motor carrier's safety management practices and records across six BASICs: Unsafe Driving, Hours of Service Compliance, Driver Fitness, Controlled Substances/Alcohol, Vehicle Maintenance, and Hazardous Materials Compliance. For driver qualification and employment verification, reviewers examine §391.23 investigation records, §391.51 DQ files, drug and alcohol testing documentation, and the accident register. The review results in a safety rating of Satisfactory, Conditional, or Unsatisfactory.

What's the difference between a New Entrant audit and a Compliance Review?

A New Entrant Safety Audit is a mandatory one-time review conducted within 12 months of a carrier receiving its DOT number. It's typically conducted online or by phone and results in a pass or fail determination based on whether basic safety systems are in place. A Compliance Review is triggered by safety performance concerns — poor CSA scores, crashes, complaints — and is conducted in person by an experienced FMCSA safety investigator. Compliance Reviews result in a safety rating with real operational consequences, and the depth of questioning is substantially greater.

How far back do FMCSA reviewers go in verification records?

For §391.23 employment verification, reviewers examine records covering the three years prior to each driver's hire date. For the §391.51 DQ file overall, carriers are required to retain records for the duration of employment plus three years after termination. Reviewers may examine any driver hired within the past three years, so the practical window for audit exposure is the carrier's active driver roster plus recent terminations.

What happens if FMCSA finds gaps in your verification process?

Findings related to §391.23 violations can result in civil penalties. FMCSA civil penalty ranges for driver qualification violations are published at 49 CFR Part 386, Appendix B. Beyond financial penalties, a pattern of §391.23 violations contributes to an elevated Driver Fitness BASIC score, which can trigger additional scrutiny, Conditional safety ratings, and — in severe cases — operating authority consequences. Carriers with Unsatisfactory ratings have a limited window to correct deficiencies before operating authority can be revoked.

Can AI verification calls satisfy FMCSA documentation requirements?

Yes. §391.23(c)(2) explicitly permits telephone interviews as an acceptable method of investigation. The key requirement is documentation: the regulation requires that the investigation be documented and retained. An AI-conducted call that produces a recording, a transcript, a timestamped attempt log, and an identified contact at the prior employer satisfies both the method requirement and the documentation requirement. The question is not whether AI calls are permitted — they are — but whether the system producing those calls generates the documentation that survives a follow-up question.

Illustration for the third concept of the article

What to Do Before the Reviewer Arrives

The audit you're most likely to fail is not the one where records are missing. It's the one where records exist but the process behind them can't be explained.

Run the self-check above against a sample of your files today. If you find gaps — missing attempt logs, undocumented verbal verifications, timeline inconsistencies — address them before a reviewer does.

If you're evaluating verification platforms with FMCSA audit readiness as a requirement, browse more articles in the Superunit blog for the platforms DOT safety directors are comparing in 2026. For a deeper look at how to build the complete DQ file structure, see the DOT employment verification guide for trucking companies and the AI employment verification audit trail guide.

Book a demo with Superunit to see how AI-generated verification records are structured for FMCSA audit review.