Certification contracts are valid for three years. After the certification audits, there are yearly surveillance audits.
Surveillance audits are mostly about checking if your management system is working as designed. So, pay special attention to your records. Are all the incidents being recorded? Measurements, complaints, corrective actions, non-conformities, internal audits, and management review, etc. Remember, if your organization had any minor non-conformity or observations during the certification audit, be sure that auditors will look into those issues with special care to confirm that actions were taken and close those nonconformities.
Surveillance audits will take less time to perform than the original certification audit. Auditors are not so much concerned with the quality management system design, but with its maintenance. I cannot tell you what auditors will ask but I can assure you that they will start each time by looking at your key activities (such as management review, internal audit, corrective actions and complains treatment), and will then only look at some of the remaining parts within your management system.