If the phrase "audit prep" makes you think of a long week with ring binders, this guide is for you. The audit-week scramble is a symptom — and the IOs who walk through reviews comfortably have usually stopped doing it altogether.
What the review is actually testing
Your Quality Management System is a promise: this is how our site ensures inspections are done properly, by authorised people, with records to prove it. An NZTA review tests whether that promise is true in practice.
That distinction matters, because it changes what preparation means. Reviewers don't just want to see that your QMS manual exists — they sample reality against it. Records pulled and examined. Registers checked for currency. Staff asked questions a current inspector should be able to answer. If the manual says one thing and the workshop does another, the gap is the finding.
The registers that need to be alive, not archaeological
Every IO carries a set of operational registers — the exact set depends on your QMS, but the usual suspects are:
- Equipment and calibration — what's in service and when it expires
- Training records — evidence of competence and currency, not just attendance
- Complaints and their resolution
- Document control — which versions of which forms are current
The test for each one is simple: if a reviewer asked for it right now, would you hand it over or start assembling it? A register that has to be reconstructed is a register that wasn't really being kept. The QMS registers every IO must keep runs through the full set.
Records: the evidence layer
Inspection records are where most review time goes, because they're where the system proves itself. Three properties matter:
- Complete — every inspection recorded with the required detail, including reasons for rejection that can be understood months later.
- Retrievable — any checksheet locatable on request, quickly.
- Trustworthy — records that demonstrably haven't been altered after completion, with rechecks connected to their original inspections.
This is also where going digital changes the audit experience most: records that lock on completion and retrieve in seconds remove an entire category of finding — and an entire category of audit-day stress. (For how long each record must be retained, see record retention requirements for IOs.)
During the review: evidence beats assertion
The strongest position in any review conversation is handing over the record rather than explaining what usually happens. "Here's the register" outperforms "we always do that" every single time. Brief your team the same way: answer what's asked, show the evidence, and if something isn't right, say so plainly — reviewers respond far better to a site that knows its own weaknesses than one that's surprised by them.
After the review: corrective actions that actually close
Findings are normal. What separates sites is what happens next. A corrective action that closes properly has three parts:
- The instance fixed — the specific record, register, or process corrected.
- The cause addressed — what allowed it, changed so it can't simply recur.
- The evidence kept — the finding, the action, and its follow-through recorded, so the next review sees a closed loop instead of a repeat.
A finding that reappears at the following review is the worst outcome — it tells the reviewer the site fixes paperwork, not causes. Corrective actions that actually close goes deeper on making fixes stick.
Continuous readiness, not heroic preparation
Everything above compresses into one principle: be the site where the audit is just another Tuesday. Registers maintained as part of the job, records that keep themselves complete and locked, corrective actions tracked to closure. That's precisely the workflow the QMS Compliance Centre is being built to hold — but system or no system, the goal is the same: the week before your next review should look exactly like every other week. The discipline that gets you there is internal self-assessment between audits.