Cypress runs the New Entrant Safety Audit response end-to-end for our customers. This guide explains what the audit actually examines and what a clean outcome looks like — not a DIY playbook for assembling the response.

Why the first audit is the one that sets the trajectory

The New Entrant Safety Audit notice usually arrives in months six through eighteen of operation. It comes by email, sometimes followed by a phone call from the assigned auditor. The notice specifies the audit type (on-site, off-site, or hybrid), the time period being reviewed, and the document categories the auditor will examine. The thirty days that follow are either a procedural matter that closes cleanly, or a scramble that produces findings and stress. The difference is almost entirely what was happening in the file room before the notice arrived.

The audit is verifying that a basic safety management program exists and that the records back it up. It is not designed to fail carriers — most pass — but it is also not a courtesy review. A carrier that has been sloppy with the file room fails for clerical reasons that have nothing to do with operational safety. A pattern of findings can result in a Conditional rating, additional monitoring, or in serious cases a proposal to revoke authority. Those outcomes are rare, but they trace predictably from records that were never organized in the first place.

The audit also matters because it closes (or extends) the New Entrant monitoring window. After eighteen months from authority activation, a carrier that passed cleanly comes out of the New Entrant designation and is treated as a standard motor carrier going forward. A carrier whose audit produced findings can remain under additional monitoring or face further review. The first audit is the moment when year one's compliance practice either gets validated or gets exposed.

What the audit examines

The audit reviews five document categories across the operational history. The auditor's lens is consistent: is documentation present for every regulatory requirement, is it internally consistent across records, are issues showing a pattern of corrective action, is the maintenance program actually being followed, is the drug-testing program documented and active.

Driver records. Driver Qualification File for each driver: application, MVRs (initial and annual), unexpired medical examiner's certificate, previous-employer inquiries, pre-employment drug test, pre-employment Clearinghouse query, annual certification of violations, road test certificate or CDL equivalent.

Vehicle records. For each truck operated during the audit period: annual inspection certificates current, preventive-maintenance records, repair invoices, Driver Vehicle Inspection Reports with defects matched to corresponding repair records.

Hours-of-Service records. ELD records covering the audit period plus supporting documents (bills of lading, fuel receipts, toll records). Log edits annotated with reasons. Documentation of any HOS violations and the corrective actions that came after.

Drug and alcohol program. C/TPA enrollment current, records of random selections, any reasonable-suspicion or post-accident tests, Clearinghouse query records, the carrier's written policy.

Insurance and operating authority. Current BMC-91 filing, MCS-150 update within the biennial cycle, UCR registration, BOC-3 designation, and a crash/accident register — which has to exist even when empty.

What a clean audit outcome looks like

When Cypress runs the audit response for a customer, the markers of a clean outcome include:

  • The notice is acknowledged within days, not weeks. Silence reads as disorganization before the substantive review begins.
  • The response is submitted in the format the auditor requested, by the deadline, complete on first pass. Late or incomplete submissions produce more findings, not fewer.
  • Every document the auditor asks for is in the package on first request. No chasing a previous-employer inquiry that should have been in the file from hire date.
  • Internal consistency holds across records. ELDs do not show movement during sleeper-berth periods, fuel receipts do not time-stamp during off-duty hours, BOLs match dispatch records, DVIR-flagged defects show matching repair invoices.
  • The audit closes with no findings, or with findings the auditor considers correctable. The eighteen-month monitoring window closes, the carrier comes out of New Entrant designation, and authority continues normally.

Where this goes wrong

The audit findings cluster around a recognizable set of patterns. Missing documents — a DQF without a previous-employer inquiry, a truck without an annual inspection certificate, a driver without a current medical card on file — each immediately citable. Internal inconsistencies that suggest log falsification or sloppy supporting-document discipline. Patterns of HOS or maintenance violations with no documentation of coaching or operational response, signaling that issues are recognized only by enforcement, not by the carrier. DVIR-flagged defects with no matching repair records. Outdated certificates (annual inspections more than twelve months old, expired medical cards, lapsed insurance filings).

A single isolated issue is usually not catastrophic; it gets noted and the auditor moves on. A pattern across categories produces a more serious finding and can extend the monitoring window. Non-responsiveness — being slow to address auditor questions or failing to address them at all — is what escalates a routine audit into probationary monitoring or worse.

How Cypress handles this

Cypress runs the compliance file continuously for our customers across year one, so the audit response is a packaging exercise, not a record-creation exercise. When the notice arrives, the DQFs are organized in the format the auditor will request, the maintenance file reconciles DVIRs to repair invoices, the HOS records have supporting documents aligned, the Clearinghouse queries are logged, the C/TPA membership is current, the BMC-91 and BOC-3 are active on the FMCSA record, and the customer's IFTA, IRP, HVUT, UCR, and MCS-150 all check out. We acknowledge the notice with the auditor, package the response in the requested format, submit on time, and handle any back-and-forth correspondence through audit closure.

Per Cypress's direct-build posture, the compliance file lives in our system in the customer's name. The carrier's records are not aggregated into a third-party platform that may also serve competitors, and the audit response goes from us directly to the FMCSA auditor.

Get this done

If you would rather have your authority, ongoing compliance, and the audit response handled as one operation by a team that runs these responses every week, Cypress Authority Services is the sister brand that runs that work for Dispatch Rail customers.


Cypress Authority Services is a sister brand operated by the same team that runs Dispatch Rail.