Direct Answer
There is no single trigger that causes an FAA audit of a Part 135 operator, and the FAA does not publish a guaranteed list of triggers. Oversight runs under the Safety Assurance System (SAS) — the FAA’s risk-based, data-supported framework described in FAA Order 8900.1 — which plans certification, surveillance, and Continued Operational Safety activities around the assessed risk of each operation, continuously rather than on a fixed calendar.
In practice, the factors widely recognized as raising an operator’s risk profile — and drawing more focused or more frequent attention — include accidents and incidents, complaints and reports, trends in operational and safety data, rapid growth or fleet and route changes, turnover in required management personnel, and unresolved or repeat findings from prior surveillance. These are influences on a risk-based model, not mechanical triggers. The operators who fare best are the ones who treat oversight as continuous and keep every qualification, training, and maintenance record current and instantly retrievable.
A note on what we will not do in this article
We will not invent specific surveillance triggers, percentages, “audit every N months” intervals, or enforcement statistics. The FAA does not publish a public formula that converts your data into a fixed audit schedule, and pretending one exists would be misleading. Everything below is framed qualitatively and tied to primary sources — the regulations on Cornell’s Legal Information Institute, and the FAA’s own description of SAS as a risk-based system.
How FAA Oversight Actually Works: The Risk-Based Model
To understand what “triggers” scrutiny, you first have to understand how the FAA plans oversight at all. Since 2016, oversight of Part 135 certificate holders has run under the Safety Assurance System (SAS), which the FAA describes as a standardized, risk-based, data-supported system used to perform certification, surveillance, and Continued Operational Safety (COS). The policy and procedures live in FAA Order 8900.1, Volume 10. Crucially, SAS and Order 8900.1 are FAA guidance and systems — not regulations. You will not find SAS in the Code of Federal Regulations, and any article that cites a “CFR section” for SAS surveillance triggers is mixing the two up.
The practical meaning for an operator is straightforward: your assigned Principal Operations Inspector (POI) and Principal Maintenance Inspector (PMI) do not simply show up once a year and call it done. They plan oversight around the assessed risk of your specific operation. A stable operator with clean data and no recent events may see routine planned surveillance. An operator with a recent incident, a spike in complaints, fast growth, or unresolved prior findings may see more focused or more frequent attention. The system is designed to point finite oversight resources at where risk appears highest.
SAS (FAA oversight) is not your SMS (your safety program)
These two acronyms get confused constantly, so it is worth separating them cleanly:
SAS — the FAA’s system
The Safety Assurance System is how the FAA conducts risk-based oversight of you. It is guidance and software the FAA uses — described in Order 8900.1. You do not run it; you are subject to it.
SMS — your program (Part 5)
Your Safety Management System is a program you build and run under 14 CFR Part 5, with a single industry deadline of May 28, 2027 for affected Part 135 operators. It is a regulation, not FAA oversight tooling.
The FAA holds data about your certificate
Your certificate history, prior surveillance results, reported events, and operational data form a picture of your operation. SAS is, by the FAA’s own description, data-supported.
Inspectors plan oversight around assessed risk
Your POI and PMI plan certification, surveillance, and Continued Operational Safety activities around where risk appears highest — not on a uniform calendar applied identically to every operator.
Certain events sharpen the focus
A reportable incident, a credible complaint, rapid growth requiring new authority, a management change, or an unresolved prior finding can prompt more focused or event-driven attention in that area.
Findings feed back into the picture
Findings generate corrective action plans the FAA tracks for completion and effectiveness. Repeat findings in the same area can escalate the agency’s response and keep that area in focus.
If you want the document-by-document view of what an inspector requests once a surveillance visit is actually underway — organized in the order the POI pulls it — that lives in our companion guide, How to Prepare for a Part 135 FAA Surveillance Audit. This article is the upstream question: what makes the FAA look more closely in the first place.
You can’t control when the FAA looks — only whether you’re ready
The free FAA Readiness Score walks through the document areas inspectors care about and shows you which gaps are most likely to surface — so a focused look finds a clean operation, not a scramble. No signup required; takes under 3 minutes.
Run the Free FAA Readiness ScoreSix Factors That Raise a Part 135 Operator’s Risk Profile
These are the factors most commonly recognized as drawing additional FAA attention under risk-based oversight. They are influences on a risk-based model, not guaranteed triggers — the FAA decides independently how to plan oversight. For each, we add the records angle: the part FileFlo can actually help with.
Accidents, incidents, and reportable events
A reportable event changes the risk picture and can prompt focused, event-driven attention.
After an accident or incident, the FAA commonly looks closely at the records surrounding the event — the pilots involved, the aircraft, the maintenance history, and whether procedures in your manuals were followed. The scope and depth are set by the FAA, not by any formula. The records that matter most are the ones that show the operation was conducted by qualified crew in an airworthy aircraft under current procedures.
The records angle: Pilot qualification and currency records, the aircraft airworthiness and maintenance history, and your current manual revisions should be retrievable immediately — not reconstructed after the fact.
Complaints, reports, and allegations
Passengers, employees, competitors, or other operators can prompt a closer look at a specific area.
A credible complaint can lead the FAA to focus on a particular part of your operation. Common subjects include allegations of illegal or "grey" charter, maintenance shortcuts, and duty-time problems. The FAA decides independently whether and how to act; a complaint is an input, not an automatic finding. A more focused look at one area is a realistic outcome.
The records angle: When inspectors do focus on an area, clean, consistent records in that area let the documentation tell a compliant story rather than raising new questions.
Trends in your operational and safety data
The FAA describes SAS as a data-supported system; data patterns inform where attention goes.
The Safety Assurance System is, by the FAA’s own description, risk-based and data-supported. Patterns and trends in the data the FAA holds about your certificate inform how oversight is planned. This is qualitative from the operator’s side — the FAA does not publish a public formula that converts data into a specific audit schedule, and you should not assume one exists.
The records angle: Internally, surfacing your own compliance trends — what is expiring, what lapsed, what was corrected — helps you find and fix gaps before they become part of anyone else’s picture of your operation.
Rapid growth and operational change
New aircraft, new types, new bases, and new authority each alter the risk picture.
Adding aircraft, aircraft types, bases, or operating authorities changes the shape of your operation and often requires OpSpecs or LOA amendments. New authority frequently comes with its own validation. Growth is not a problem to be avoided — it is a phase that comes with more records to keep current, and the operators who scale cleanly are the ones whose document systems scale with them.
The records angle: More pilots means more training and currency records; more aircraft means more airworthiness and maintenance records. Keeping that growing volume organized and retrievable is a document-management problem you can get ahead of.
Changes in required management personnel
Turnover in key Part 119 roles and the Part 5 accountable executive can prompt review.
Under 14 CFR Part 119, a Part 135 certificate holder must have qualified management personnel in roles such as Director of Operations, Chief Pilot, and Director of Maintenance, and the FAA reviews the qualifications of the people filling them. Under 14 CFR Part 5, the operator designates an accountable executive with final authority and ultimate responsibility for safety. Changing the people responsible for compliance can naturally prompt the FAA to confirm the new personnel are qualified.
The records angle: Designation letters, qualification records, and currency documents for these roles should live in one organized place so a personnel change does not become a records scramble.
Prior findings and repeat issues
Unresolved or repeat findings signal a problem area that may not be fully corrected.
When a finding produces a corrective action plan, the FAA generally tracks whether the correction was completed and effective. A pattern of repeat findings in the same area can escalate the agency’s response. Under 14 CFR §13.11, certain apparent violations may be handled administratively via a Warning Notice or Letter of Correction rather than legal enforcement — but the corrective commitments still have to be met and proven.
The records angle: The cleanest way to retire a finding from your risk picture is to fix the root cause and keep the records that prove it was fixed and has stayed fixed.
These factors compound — and so does the records burden
A fast-growing operator that just changed its Director of Operations and had an incident last quarter is carrying several risk factors at once. None of them is a verdict, but together they make a clean, current, instantly retrievable records posture more valuable — because if the FAA does look closely, the documentation should reinforce the operation rather than become a second problem.
Myths vs. Reality About FAA Audit Triggers
A lot of hangar-talk about FAA audits is wrong in ways that lead operators to either panic or get complacent. Here is what the primary sources actually support.
Myth: “The FAA audits every Part 135 operator on the same fixed schedule.”
Reality: Oversight is risk-based and continuous under SAS, not a uniform calendar applied identically to everyone. Two operators of similar size can see very different oversight depending on their data, events, and history.
Myth: “If I just stay quiet, the FAA won’t notice me.”
Reality: The FAA already holds data about your certificate, and complaints can come from passengers, employees, competitors, or other operators. “Flying under the radar” is not a compliance strategy — being audit-ready regardless of when anyone looks is.
Myth: “There’s a secret percentage or formula that triggers an audit.”
Reality: The FAA does not publish a public formula that converts your data into a fixed audit schedule, and you should be skeptical of any source that claims a specific trigger percentage or “audit every N months” number. The honest answer is that it is qualitative and risk-based.
Myth: “A complaint automatically means I’m getting a finding.”
Reality: A complaint is an input, not a verdict. The FAA decides independently whether and how to act. A realistic outcome is a more focused look at one area — which clean records in that area help you pass.
Myth: “Growth is dangerous because it triggers audits.”
Reality: Growth changes your risk picture and often requires new authority, which can come with validation — but it is a normal phase, not something to avoid. The operators who scale cleanly are the ones whose record systems scale with the fleet and roster.
Myth: “Once I close a finding, it’s gone for good.”
Reality: Findings feed back into your risk picture, and repeat findings in the same area can escalate the response. Retiring a finding for good means fixing the root cause and keeping the records that prove it stayed fixed.
The One Thing You Actually Control: Your Records Posture
You cannot control whether a passenger complains, whether an incident occurs, or how your POI plans surveillance. What you can control is whether your qualification, training, and maintenance records are complete, current, and instantly retrievable the moment anyone looks. That is the difference between a focused FAA look that finds a clean operation and one that finds a paperwork scramble layered on top of whatever prompted the look.
Treat oversight as continuous, not as an annual event
Because oversight is risk-based and event-driven, the only durable posture is always-ready. Build the records system so a focused look on any given week finds current documents — not a two-day assembly project.
Surface expirations before they lapse
The most avoidable finding is an expired record nobody knew was expiring. Expiration tracking on medicals, training checks, and equipment inspections turns a category of risk into a routine reminder.
Keep management and authority records tight
When a Director of Operations or accountable executive changes, designation letters and qualification records should already be organized — so a personnel change does not become a records gap the FAA notices.
Prove that closed findings stayed closed
For any prior finding, keep the corrective-action evidence and the ongoing records that show the fix held. That is what retires a finding from your risk picture rather than letting it linger as a repeat-issue risk.
Where FileFlo fits — and where it deliberately does not
FileFlo is a compliance document intelligence platform — the proof layer. It classifies over 600 document types against the governing regulation, indexes and version-controls them, tracks expiration windows on every medical, training check, and equipment inspection, and produces an organized, audit-ready record set on demand. The goal is simple: whenever the FAA looks, your documentation is already in order.
Just as important is what FileFlo does not do. It does not interpret your risk profile, predict whether you will be audited, or interact with the FAA on your behalf. It does not run your SMS, author your manuals, structure your entity, decide operational control, or amend your OpSpecs. And it does not give legal or tax advice. It organizes and proves the records your other systems and people produce — so the one thing you control is handled, and the rest stays with the professionals who own it.
Keep reading — FAA oversight & Part 135 compliance
Frequently Asked Questions
What triggers an FAA audit of a Part 135 operator?
There is no single trigger, and the FAA does not publish a checklist of guaranteed audit triggers. Under the Safety Assurance System (SAS) — the FAA's risk-based, data-supported oversight framework described in FAA Order 8900.1 — surveillance of a Part 135 certificate holder is continuous and planned around perceived risk rather than a fixed calendar. Your assigned Principal Operations Inspector (POI) and Principal Maintenance Inspector (PMI) plan oversight based on factors such as accidents and incidents, complaints and reports, trends in your operational and safety data, rapid growth or fleet/route changes, turnover in required management personnel, and unresolved findings from prior surveillance. These raise an operator's risk profile and tend to draw more focused or more frequent attention. They are influences on a risk-based model, not mechanical triggers — and FileFlo does not interpret your risk profile or interact with the FAA on your behalf.
Does the FAA audit Part 135 operators on a fixed schedule, or is it risk-based?
It is risk-based and continuous, not a fixed 'audit every N years' schedule. The FAA's Safety Assurance System (SAS), introduced in 2016, is described by the FAA as a standardized, risk-based, data-supported oversight system. Under SAS, your POI plans certification, surveillance, and Continued Operational Safety (COS) activities around the assessed risk of your specific operation. A clean, stable operator with strong data may see routine planned surveillance; an operator with recent incidents, a spike in complaints, or fast growth may see more focused or more frequent attention. Treating oversight as 'one annual visit' rather than continuous readiness is one of the most common operator misconceptions — the safer mental model is that you are always potentially within an oversight window.
Will an accident or incident increase FAA scrutiny of my Part 135 operation?
Accidents and incidents are widely understood to be among the factors that raise an operator's risk profile under the FAA's risk-based oversight model, and they can prompt focused or event-driven surveillance. After a reportable event, inspectors commonly look closely at the records surrounding it — pilot qualification and currency, the aircraft's airworthiness and maintenance history, duty and rest records, and whether your manuals and procedures were followed. The exact scope and depth are determined by the FAA, not by any formula. From a records standpoint, the operators who fare best are the ones whose qualification, training, and maintenance documentation is complete and instantly retrievable, so the paperwork supports the operation rather than becoming a second problem on top of the event itself.
Can a complaint or whistleblower report trigger an FAA investigation of a charter operator?
Yes — complaints and reports are commonly cited as inputs to FAA oversight, and a credible complaint can prompt the agency to look more closely at a Part 135 operator. Complaints can come from passengers, employees, competitors, or other operators, and they frequently concern allegations such as illegal charter (so-called 'grey charter'), maintenance shortcuts, or duty-time violations. The FAA decides independently whether and how to act, and a complaint does not automatically mean a finding. What it can mean is a more focused look at a specific area of your operation. Keeping your records clean and audit-ready does not make complaints disappear, but it does mean that when inspectors do look, the documentation tells a consistent, compliant story.
Does rapid growth or adding aircraft increase FAA oversight under Part 135?
Rapid growth, new aircraft, new aircraft types, new bases, and added route or operating authorities are commonly recognized as factors that can draw additional FAA attention, because each change alters the risk picture of your operation and often requires Operations Specifications (OpSpecs) or Letter of Authorization (LOA) amendments. New authority frequently comes with its own validation and surveillance. The practical takeaway for a growing operator is that the document workload scales with the operation: more pilots means more training and currency records to keep current, and more aircraft means more airworthiness, inspection, and maintenance records. FileFlo helps you keep that growing volume organized, version-controlled, and retrievable — it does not amend your OpSpecs, file with the FAA, or decide what authority you need.
Do management changes — like a new Director of Operations — trigger FAA review?
Changes in required management personnel are commonly understood to be a factor in FAA oversight, and certain key positions require FAA acceptance. Under 14 CFR Part 119, a Part 135 certificate holder must have qualified management personnel in roles such as Director of Operations, Chief Pilot, and Director of Maintenance, and the FAA reviews the qualifications of individuals filling those positions. Under the SMS rule in 14 CFR Part 5, the operator must also designate an accountable executive who holds final authority and ultimate responsibility for safety. Turnover in these roles changes the people responsible for compliance and can prompt the FAA to confirm the new personnel are qualified and the program remains sound. FileFlo can hold the designation letters, qualification records, and currency documents for these roles in one place — it does not decide who is qualified or interact with the FAA.
Do prior FAA findings make future audits more likely?
Unresolved or repeat findings are widely recognized as raising an operator's risk profile under risk-based oversight, because they signal to the FAA that a problem area may not be fully corrected. When a finding leads to a corrective action plan, the FAA generally tracks whether the corrective action was actually completed and effective, and a pattern of repeat findings in the same area can escalate the agency's response. Under 14 CFR §13.11, the FAA may handle certain apparent violations administratively through a Warning Notice or a Letter of Correction rather than legal enforcement — but the corrective commitments still have to be met. The cleanest way to retire a finding from your risk picture is to fix the underlying problem and have the records that prove it was fixed and has stayed fixed.
What is the difference between a routine FAA surveillance visit and a ramp check?
A ramp inspection (ramp check) is a brief, often unannounced spot check of an aircraft, its crew, and its required documents — typically airman and medical certificates, aircraft airworthiness and registration documents, and required onboard paperwork — frequently conducted at the aircraft itself before or after a flight. Planned SAS surveillance is broader and more structured: it looks at your programs, manuals, training and qualification records, and maintenance records across the operation, not just one aircraft on one day. Both are part of FAA oversight, and both reward an operator who can produce current, organized records on demand. For a document-by-document walkthrough of what an inspector requests once a surveillance visit is underway, see our Part 135 surveillance-audit preparation guide.
Be ready before the FAA ever decides to look
You can’t control what raises your risk profile — but you can control whether your records are audit-ready the moment it matters. FileFlo classifies, indexes, version-controls, and tracks expirations across your entire document set, then produces an organized record package on demand. Starter at $89/month. Professional at $299/month (unlimited pilots and aircraft). Five-day free trial, no credit card required.
5-day free trial · No credit card required · Cancel anytime · FileFlo is the compliance proof layer — it does not run your SMS, interact with the FAA, or provide legal or tax advice.