Most Qualified Security Assessors (QSAs) will tell you that one of the biggest ways PCI-regulated companies waste their money is through poor logistical planning prior to the audit itself. Companies need to think several steps ahead, preparing for the audit by keeping gradual and meticulous records throughout the year to avoid the eleventh-hour scramble to re-create documentation before the audit begins. Every kind of auditor, whether a PCI QSA or not, cites lack of documentation as the biggest pet peeve during the audit process.”]
Source: https://www.darkreading.com/compliance/a-common-sense-secret-for-cheaper-pci-audits