Definition(s)
Audit
An evaluation of a security assessment or security plan performed by an owner or operator, the owner or operator’s designee, or an approved third-party that is intended to identify deficiencies, non-conformities, and inadequacies that would render the assessment or plan insufficient.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global Standards
Audit
Documented investigation conducted by the purchaser to verify that applicable requirements are being implemented.
Source: API SPEC 17L1, Specification for Flexible Pipe Ancillary Equipment, First Edition, March 2013. Global Standards
Audit
Audit means a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.
Source: IMO Resolution A.1083(28), Amendments to International Convention on Load Lines, 1966, 10 December 2013, Regulations
Source: IMO Resolution A.1085(28), Amendments to the Convention on the International Regulations for Preventing Collisions at Sea, 1972, , 10 December 2013, Regulations
Source: IMO Resolution A.1084(28), Amendments to International Convention on Tonnage Measurement of Ships, 1969, 10 December 2013, Regulations
Audit
A formal, scheduled evaluation of an activity or asset with pre-determined objectives, criteria and protocols to test compliance against OMS expectations, implementation and/or performance.
Audits vary in extent of independence and impartiality. This depends on whether the assessment is performed locally within an activity or asset based on “self-assessment”; by auditors appointed internally from other parts of the organisation; or by third parry auditors who are external to the company (imposed, invited).
Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards
Audit
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
- Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
- Note 2 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards
Audit
A documented activity aimed at verifying by examination and evaluation that the applicable elements of the quality programme continue to be effectively implemented.
Source: Rules and Regulations for the Classification of Mobile Offshore Units, Part 4, Steel Unit Structures, June 2013, Lloyd’s Register, Global Standards
Audit
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
- NOTE: 1 Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g. to confirm the effectiveness of the management system or to obtain information for the improvement of the management system). Internal audits can form the basis for an organization’s self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.
- NOTE: 2 External audits include second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customer, or by other persons on their behalf. Third party audits are conducted by independent auditing organizations, such as regulator or those providing certification.
- NOTE: 3 When two or more management systems of different disciplines (e.g. quality, environmental, occupational, health and safety) are audited together, this is termed a combined audit.
- NOTE: 4 When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.
- NOTE: 5 Adapted from ISO 9000:2005, definition 3.9.1.
Source: ISO 19011:2011 (E) – Guidelines for auditing management system. Global Standards
Audit
A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Note: CSA Standard CAN/CSA-ISO 9000:05.
Source: Environmental Protection Plan Guidelines, The Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada-Nova Scotia Offshore Petroleum Board, and National Energy Board, Canada, March 31, 2011. Regulatory Guidance
Source: Safety Plan Guidelines, The Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada-Nova Scotia Offshore Petroleum Board, and National Energy Board, Canada, March 31, 2011. Regulatory Guidance
Audit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures (See “security audit”) [9].
- NOTE: There are three forms of audit.
- (1) External audits are conducted by parties who are not employees or contractors of the organization.
- (2) Internal audit are conducted by a separate organizational unit dedicated to internal auditing. (3) Controls self assessments are conducted by peer members of the process automation function.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Audit
In this regulation, “audit” means systematic assessment of the adequacy of the management system to achieve the purpose referred to in paragraph (1)(a) carried out by persons who are sufficiently independent of the system (but who may be employed by the duty holder) to ensure that such assessment is objective.
Source: The Offshore Installations (Safety Case) Regulations 2005, UK S.I. 2005/3117, 2005. Regulations