Recognize audit triggers so you can prepare

Inspections often start with a spill, a customer complaint, or routine oversight.

Guidance from the DOT and FAA shows audits fall into two main types: agency‑initiated regulatory inspections and voluntary third‑party audits.

• New entrants often receive a safety audit, including a HazMat component, within the first 12 to 18 months of operation.
• Past violations, low CSA scores, or formal complaints can trigger a regulator to inspect your operation.
• Spills, incident reports, or NRC/DOT filings will prompt immediate attention and likely an on‑site visit.
• Targeted enforcement focuses on high‑risk shipments, such as undeclared lithium batteries or certain radioactive materials.
• Significant operational changes or permit applications can also draw a regulatory review.

This post walks through what inspectors commonly review.

You'll get a practical checklist covering scope, records, packaging and labeling, on‑site inspections, common findings, and assembling corrective actions.

See our audit‑ready training file for a quick template to organize the records auditors expect to review.

Know who will show up and exactly what they’ll review

Wondering whether an audit will be a quick paper check or a full on‑site review? Inspections fall into two camps: agency‑led regulatory inspections and voluntary third‑party audits.

Regulatory visits are usually triggered by specific events or oversight priorities. Third‑party audits are proactive and often broader in scope.

Common triggers that bring a regulator to your door

• New entrants often face a safety audit, which commonly includes a HazMat component within the first 12 to 18 months.
• Past violations, low safety scores, or formal complaints make regulators more likely to inspect your operations.
• Spills, incident reports, or NRC/DOT filings typically prompt immediate on‑site attention.
• Targeted enforcement focuses on known high‑risk areas like undeclared lithium batteries or certain radioactive materials.
• Operational changes, new permits, or inconsistent reporting can also trigger a regulatory review.

Which regulations auditors will map to your operations

Auditors map what they find to the rules that apply to your transport modes and waste handling. Know which rule set covers each part of your operation.

• 49 CFR (Parts 100–185) administered by PHMSA is the primary U.S. reference for multimodal hazmat transport.
• Air shipments are checked against FAA requirements and the ICAO Technical Instructions, with airlines enforcing IATA Dangerous Goods Regulations.
• Sea transport is evaluated against the IMDG Code from the IMO, which U.S. rules reference for applicable shipments.
• Hazardous waste handling follows RCRA rules (40 CFR Parts 260–265) and is audited as cradle‑to‑grave management.

A third‑party audit will usually go further than a regulator. Expect a gap analysis of procedures, vendor SDS accuracy, training effectiveness, and supply‑chain controls.

Prepare by mapping roles to the applicable rule sets and gathering training and shipping records. Our audit‑ready training file is a quick template to organize what auditors expect to see.

Exactly which records auditors will pull — and how long to keep them

Auditors want a tidy, accessible packet of the records that prove you operate safely and by the rules.

Gather these documents in advance and label retention dates so you can answer requests on the spot.

Essential documents and retention timelines

• Training records for each hazmat employee, including the employee name, most recent completion date, training materials, trainer name/address, and employer certification. According to PHMSA, keep these records three years from the last training and 90 days after the employee stops hazmat duties.
• Recurrent and function‑specific training proof. IATA requires recurrent air dangerous goods training every 24 months, while DOT recurrent training is typically every three years. IATA guidance
• Shipping papers and shipper's declarations for non‑waste hazardous materials. Under 49 CFR, retain these papers for two years after the initial carrier accepts the shipment. 49 CFR 172.201
• Hazardous waste manifests. RCRA requires generators and transporters to keep manifest copies for three years, and signed copies from the disposal facility for three years from acceptance. EPA manifest guidance
• Permits, written procedures, and records of waste determinations. Keep permits while active and maintain procedure records and waste determinations per the issuing rule or for at least three years where RCRA applies.
• Written security plan. If your materials fall under 49 CFR 172.800, keep the security plan while it is in effect and review it annually. 49 CFR 172.800
• Packaging and manufacturer certification documents. Keep construction, test, and certification files to prove packaging meets DOT or UN standards and is available for inspection.

How to organize files so an auditor finds what they need fast

We recommend a single executive audit packet with an index, plus role‑based folders for each department.

Use a training matrix that maps job roles to required courses so you can pull individual employee files instantly.

See our audit‑ready training file and training matrix guide for templates and a role‑mapping walkthrough.

Quick takeaway: assemble training files, shipping papers, manifests, permits, security plans, and packaging proofs before an audit. Label retention dates and map roles to trainings to make review painless.

What auditors look for during the escorted facility walk‑through

An auditor walk‑through is part inspection and part verification. You should treat it like a live exam.

Start by verifying credentials and offering appropriate PPE. Our advice is to escort them with one technical lead and one note taker.

Packaging, marking, labeling and placarding the auditor will verify

Auditors check that outer packages bear valid UN/specification markings and are free of damage. They will verify closures, inner packaging, and that marks and labels are legible and correctly placed.

• Lithium batteries get close scrutiny. Auditors confirm UN 38.3 testing, correct UN numbers (for example UN3480 or UN3090), and the correct battery mark or Class 9 label as appropriate. See PHMSA's Lithium Battery Guide.
• Dry ice must be identified as UN 1845 and packed so gas can vent. Auditors look for the Class 9 label and accurate net weights on paperwork.
• Class 7 radioactive packages are checked for the right package type, transport index marking, and correct White or Yellow labeling based on activity levels.

Common on‑site findings and immediate evidence to present

Inspectors most often find missing training records, incorrect shipping names, and labeling or packaging errors. These are the frequent violations auditors cite.

• Show training rosters and individual certificates for the employee roles handling hazmat.
• Provide the shipping papers, SDSs, and any manufacturer packaging certifications for the shipment in question.
• If you corrected a problem on the spot, document the correction with photos, timestamps, and the name of the person who performed it.

Being organized and calm reduces escalation. Keep an inspection kit and an indexed audit packet ready.

Practical remediation that satisfies auditors and regulators

When the auditor issues findings, perform a root‑cause analysis before proposing fixes. Regulators expect evidence you addressed the cause, not just the symptom.

1. Compile a corrective action plan that lists each violation, root cause, the corrective action, a responsible job title, and a realistic completion date.
2. Prioritize fixes with a simple risk matrix so auditors see you focused on safety‑critical gaps first.
3. Document completion with dated photos, updated procedures, training sign‑offs, and supplier certificates to verify effectiveness.

Audit‑ready actions to finish first

Keep these final steps top of mind so an inspection doesn't catch you off guard.

• Know the audit type and the exact regulations that apply to each part of your operation.
• Assemble an executive audit packet with training records, shipping papers, permits, packaging proofs, and retention dates.
• Rehearse escorted walk‑throughs with a technical lead and a note taker so everyone knows their role.
• Use a CAP template that lists each finding, root cause, responsible job title, realistic deadlines, and required evidence.

Routine self‑audits and centralized digital records cut risk and speed your response to probable violation notices.

Start with our audit‑ready training file for a step‑by‑step template. See our written security plan guide for organizing your security assessment and plan.

Need help preparing or want a mock audit? TMGI can run a readiness review and build your CAP. Call our Strongsville office at (866) 572-8644 or email twagner@tmgihazmat.com.