Maritime operations hinge on trust: we must believe vessels are safely managed, crews are competent and well-rested, and companies comply with international regulations. Auditing is the mechanism that turns trust into objective evidence. In this article we explore why audits matter, how the International Safety Management (ISM) Code embeds audit culture into modern shipping, and what it takes to become an effective ISM Lead Auditor.
Why Audit?
Audit is a term which has become a catch-all. However, we may have different purposes based on the type of investigation:
- An inspection verifies compliance at the time of the inspection.
- An audit verifies past compliance.
- A survey is to establish confidence of the ship and companies future compliance.
These are systematic, independent and documented evaluations, and to those of us in fleet management and on ships, they seem very similar, but the purpose of the audit lends context to the investigation. We are looking for:
- Verify legal compliance (SOLAS, MARPOL, MLC, local port state requirements).
- Identify latent hazards before they trigger casualties, protecting life, assets and the environment.
- Provide evidence to charterers, insurers and regulators that a company’s Safety Management System (SMS) is robust.
- Support continual improvement by flagging weaknesses and highlighting best practice. numberanalytics.com
- Providing feedback to the ship, the company and the industry.
- To guide management decision-making.
The ISM Code at a Glance
The International Safety Management Code was adopted by IMO Resolution A.741(18) in 1993 and became mandatory via SOLAS Chapter IX on 1 July 1998. Subsequent amendments in 2002, 2006 and later years refined its focus on risk management and continuous improvement. imo.org
The Code requires each “Company” (the entity bearing responsibility for operation of a ship) to develop, implement and maintain an SMS that ensures:
- Safe practices in ship operation and a safe working environment.
- Safeguards against identified risks.
- Continuous improvement of safety-management skills, including preparing for emergencies and environmental protection. classnk.or.jp
Auditing is the Code’s enforcement backbone. Companies must conduct annual internal audits of both office and vessels, and undergo external audits by Flag or a Recognised Organisation to obtain and retain the Document of Compliance (DOC) and Safety Management Certificates (SMC).
Who Audits?
| Auditor Type | Typical Position | Scope | Certification Needed |
|---|---|---|---|
| Internal Auditor | Safety Officer, Master, Senior Officer, Superintendent | Vessel and shore-office SMS verification | ISM Lead Auditor qualification |
| Lead Auditor (External) | Port-state Inspector, Classification Society or Flag surveyor | Initial, intermediate, renewal & additional DOC/SMC audits | Specific to State and Classification Society |
| Third-party Specialist | Consultants, Vetting Inspectors | Commercial inspections | DBMS, SIRE or CDI auditor qualifications |
The ISM Code allows competence to be demonstrated either through relevant experience or formal training—hence the growing demand for certified ISM Lead Auditors.
The Audit Process – An Overview
- Plan – define scope, objectives, criteria and team; develop an audit plan and sampling strategy.
- Conduct – hold an opening meeting, gather objective evidence through interviews, documentation review and vessel walkthroughs, classify findings.
- Report – present non-conformities (NCs), observations and opportunities for improvement; agree corrective-action deadlines.
- Follow-up – verify completion and effectiveness of corrective actions; close the audit.
- Record & Learn – feed lessons back into the SMS for continual improvement.
Learn more about good marine port and marine facilities practice.
Planning an Audit
Effective planning underpins audit success:
- Context analysis – consider vessel type, trading pattern, recent incidents, PSC records and any changes to regulations.
- Audit plan – allocate time for document review, shipboard inspection and crew interviews. Schedule high-risk processes (e.g., bunkering, enclosed-space entry drills) for witness sampling.
- Checklists & tools – base questions on ISM clauses, company procedures and recent amendments (e.g., cyber-risk provisions).
- Notification – give auditees reasonable notice while reserving the right to carry out unannounced spot checks for cause.
Conducting an Audit
During execution, an ISM Lead Auditor must:
- Set the tone – the opening meeting clarifies scope, confidentiality and co-operation.
- Collect evidence – triangulate between documents, objective records (logbooks, drill reports) and behaviour observed on board.
- Ask open questions – “Show me how…” reveals practical application better than “Do you comply?”
- Record findings – classify each as Major NC, Minor NC, Observation or Positive Practice.
- Close professionally – summarise results, ensure understanding, and get management commitment to corrective action.
Qualities of an ISM Lead Auditor
According to the IMO’s auditor criteria, desirable attributes include initiative, judgement, tact, sensitivity, clear writing, managerial experience and solid knowledge of the regulatory framework. imo.org
Add to that:
- Objectivity & integrity – evidence-based conclusions free from bias.
- Maritime credibility – sea-going or superintendent experience fosters trust with crews.
- Analytical mindset – ability to see systemic patterns behind individual findings.
- Communication skills – concise reporting and persuasive follow-up dialogue.
- Leadership – managing multi-disciplinary audit teams across cultures and time zones.
These competencies are explicitly developed in the ISM Lead Auditor training delivered by My Go To.
What Makes a Good Management System?
An audit cannot succeed if the underlying SMS is chaotic. Effective systems share common DNA:
- Policy & Commitment – signed by top management, setting safety and environmental goals.
- Defined Responsibilities – clear lines of authority from the Board to the bridge.
- Risk Assessment & Controls – systematic hazard identification and mitigation.
- Documented Procedures – current, user-friendly manuals with version control.
- Competence & Training – role-specific competence matrices and records.
- Emergency Preparedness – drills, contingency plans, and crisis-communication protocols.
- Monitoring & Review – KPIs, internal audits, management reviews, and feedback loops.
- Continuous Improvement – Continuous development, with changes and decisions based on evidence.
An ISM Lead Auditor evaluates not just compliance but the maturity of these elements, identifying whether the company is reactive, proactive or generative in its safety culture.
Audit Follow-up
Findings only add value when they are closed-out effectively:
- Root-cause analysis for every Major or recurrent Minor NC.
- Corrective-action plan (CAP) with responsibilities, deadlines and verification method.
- Evidence of effectiveness – revised procedures, training records, functional tests.
- Certificate endorsement – failure to close NCs can invalidate DOC/SMC, triggering additional or renewal audits. classnk.or.jp
Advance Your Career as an ISM Lead Auditor
Whether you are a master looking to transition ashore, a superintendent seeking promotion, or a safety officer tasked with internal audits, formal qualification as an ISM Lead Auditor sets you apart.
Our three-day ISM Lead Auditor (Approved) course from My Go To blends classroom theory with practical exercises in planning, conducting and reporting audits, all framed around the latest IMO and ISO standards.
Book your place on ISM Lead Auditor Course
Further Reading
- IMO – ISM Code resources and amendments
- ClassNK “Handbook for ISM Audits” (18th edition) – step-by-step guidance for DOC/SMC audits
- UK Department for Transport – Port Marine Safety Code (PMSC) & “Guide to Good Practice” – audit aides-memoire and checklists
- Marine Insight – “What is the ISM Code for Ships?” – plain-language background for seafarers
