An ISM internal audit is not an inspection you survive. It is one you are supposed to fail — quietly, on your own schedule, before anyone from a Recognized Organization or a flag state is standing on deck. That distinction gets lost on vessels that treat the internal audit as a formality: a folder gets updated, a checklist gets initialed, and the exercise produces zero findings. Zero findings from an internal audit is not a good sign. It usually means the audit did not look hard enough.
This walkthrough covers what the ISM Code actually requires for internal audits — who can run one, how often, how to classify what you find, and how to close it out with evidence that holds up when an external surveyor eventually asks to see it.
Who Can Run the Audit
ISM Code Article 12 requires that personnel carrying out internal audits be independent of the areas being audited, unless this is impracticable given the size and nature of the company. That second clause matters enormously in the yacht world, where a management company might run two or three vessels with a total shore staff of one DPA.
In practice, independence on a yacht usually looks like one of these:
- A DPA who did not write the procedure being audited reviewing that procedure and its implementation on board.
- A captain or officer from a sister vessel in the same fleet auditing a vessel they do not serve on.
- A third-party ISM auditor or consultant, engaged specifically for the internal audit, when the company is too small to produce internal independence at all.
What does not qualify: the Master auditing his own ship's SMS implementation, or a department head reviewing procedures they personally enforce day to day. If your company genuinely cannot achieve independence because of its size, document that reasoning — a surveyor will ask how independence was addressed, and "we only have one captain" is a valid answer only if it is written down as a deliberate decision, not a default you never examined.
Whoever conducts the audit should also have completed relevant auditor training. This does not need to be an expensive external course for every internal auditor, but the company should be able to show that the person running the audit understands audit methodology — objective evidence, sampling, non-leading questions — rather than simply walking around with a checklist and a pen.
"Impracticable due to size" is a documented judgment call, not a shortcut. If your company relies on it, record why independence was not achievable and what compensating measure was used instead — a second captain's review, an external consultant, or a DPA who was not involved in writing the procedure. An undocumented lack of independence reads as a finding in itself during an external audit.
How Often: The 12-Month Clock
Article 12.1 sets the baseline: internal safety audits, conducted on board and ashore, at intervals not exceeding 12 months. Both levels are mandatory — auditing the ship without ever auditing how the office manages resources, maintains documents, and supports the DPA is not compliant, even if the ship-level audit is thorough.
The Code allows the interval to be exceeded by up to 3 months in exceptional circumstances, but this is not a scheduling buffer to lean on. A surveyor reviewing your audit history expects to see a genuine, documented reason — a vessel in an extended yard period with no crew aboard, for instance — not a pattern of audits consistently running at 14 or 15 months because the DPA was busy.
The practical approach that avoids the deadline scramble: fix the audit date to a recurring point in the operational calendar — end of the Mediterranean season, before winter lay-up, ahead of survey renewal — rather than measuring 365 days from the last audit and hoping someone remembers.
Step 1: Plan the Scope and Schedule
Before anyone opens a manual, define what this specific audit will cover. A full-scope audit against all twelve ISM elements is the annual minimum, but nothing prevents running a tighter, more frequent internal check on a specific area — maintenance records after a busy charter season, or emergency procedures after a crew turnover.
A useful audit plan states, in writing, before the audit starts:
- Which SMS elements and procedures are in scope
- Which documents, logs, and records will be sampled
- Who will be interviewed, and in what order
- The audit date and expected duration
- Who is conducting it, and confirmation of their independence
HelmOps' ISM audit checklist tool covers all 12 ISM elements with DOC and SMC readiness flags built in, and is a reasonable starting scope document if your company does not already have one — use it to confirm coverage, then adapt it to the vessel's actual procedures rather than auditing against a generic template.
Step 2: Walk the Ship — What the Auditor Actually Checks
A credible audit is not a document review conducted in the DPA's office. It requires being on board, comparing what the SMS says against what is actually happening, and asking crew direct questions about procedures they are supposed to know.
Typical audit activity on a vessel:
- Document sampling — pull maintenance records, drill logs, and near-miss reports at random, not just the most recent entries, and check they match the PMS schedule and drill calendar.
- Physical verification — confirm safety equipment matches what the records claim was inspected: fire extinguisher tags, EPIRB test dates, lifejacket condition.
- Crew interviews — ask junior crew, not just the Master, to explain the muster procedure or where the SMS manual is kept. A confident answer from the Master and a blank look from a deckhand is itself a finding.
- Procedure-versus-practice comparison — watch, where practical, whether a documented procedure (bunkering, tender launch, watch handover) is actually followed as written, or whether an informal workaround has quietly replaced it.
Step 3: Classify What You Find
Every observation from the audit gets recorded and classified. The ISM Code defines two categories, and getting the grading right matters — it determines how urgently a finding must be closed.
Non-conformity (ISM Code §1.1.9): an observed situation where objective evidence indicates a specified requirement has not been fulfilled. Examples: a maintenance log entry missing a technician's signature, a fire drill conducted but not recorded within the required timeframe, a superseded procedure still posted in the crew mess.
Major non-conformity (ISM Code §1.1.10): an identifiable deviation that poses a serious threat to the safety of personnel or the ship, or a serious risk to the environment, and requires immediate corrective action — or a deviation that reflects the lack of effective and systematic implementation of an ISM Code requirement altogether, rather than an isolated slip. A fire safety system that has not been tested in over a year is not a paperwork gap; it is a major non-conformity, because the underlying risk is live.
The distinction is not about how embarrassing the finding is — it is about immediate risk and systemic failure versus an isolated documentation gap.
This is the same classification a Recognized Organization surveyor applies during the external DOC and SMC audit, and a major non-conformity found there is grounds to withhold or suspend certification until it is closed out and verified. Catching and correcting a major NC during your own internal audit — before it becomes a surveyor's finding — is what makes the annual internal audit worth doing properly rather than treating it as a formality.
Step 4: Corrective Action — From Finding to Closed
A finding without a corrective action is just a complaint. Every non-conformity needs an assigned owner, a defined action, a target closure date, and — critically — objective evidence that the action actually happened, not just a checkbox marked complete.
A defensible corrective action record includes:
- The finding, described in objective, evidence-based terms — not "maintenance is disorganized" but "three of eight sampled PMS jobs for the main engine had no completion record for Q2."
- Root cause, briefly — was this a one-off oversight, or does it point to a gap in the maintenance scheduling process itself?
- The corrective action, assigned to a named person with a deadline.
- Verification evidence attached at closure — a completed log entry, a photo, an updated procedure — not a verbal confirmation that "it's been handled."
Major non-conformities need faster turnaround and, depending on the severity, may need the DPA or even the RO notified before the vessel's next voyage. Minor non-conformities can typically be closed within the normal maintenance and documentation cycle, but should still carry a real deadline — an open finding with no due date tends to stay open indefinitely.
Step 5: Report to the DPA and Close the Loop
The audit is not finished when the last finding is written down. ISM Code Article 12 requires that audit results and corrective actions be brought to the attention of personnel responsible for the area, and — for company-level review — reported to the Designated Person Ashore for evaluation.
The DPA's role in this step goes beyond receiving a summary email. A DPA doing this properly:
- Reviews every finding, not just the major ones, looking for patterns across multiple audits
- Confirms corrective actions were verified with evidence, not just marked closed
- Escalates any major non-conformity to top management, since the DPA has direct access to the highest level of the company by ISM design
- Feeds recurring findings back into SMS revision — if the same category of finding keeps appearing, the procedure itself may be the problem, not the crew following it
A management review that never surfaces audit findings to actual company leadership is a broken loop, regardless of how thorough the audit itself was.
What This Looks Like on Paper
An external surveyor reviewing your internal audit programme is not primarily looking at whether you found problems — finding nothing at all after a genuine audit is rare and suspicious. They are looking at whether the audit trail is coherent: plan, evidence sampled, findings classified consistently, corrective actions closed with proof, and DPA review documented.
The minimum record set for each audit cycle:
- The audit plan and scope, dated and signed
- Evidence and interview notes gathered during the audit
- A findings list with each item classified as non-conformity or major non-conformity
- Corrective action records with named owners, deadlines, and closure evidence
- A DPA review record, including any items escalated to top management
- Confirmation of auditor independence (or the documented exception)
Digital record-keeping is standard practice now, and every major Recognized Organization accepts it provided the audit trail is tamper-evident and version-controlled. What surveyors will not accept is a folder of scanned forms with no clear chain from finding to correction to verification.
Internal Audit vs. the External SMC Survey
It is worth being precise about what an internal audit is not. It is not a rehearsal for the SMC survey, and it does not carry the same legal weight — an internal audit finding does not by itself suspend a certificate the way an external major non-conformity can. For the full picture of how DOC and SMC certification works, including what happens during the Recognized Organization's survey, see the ISM Code compliance guide.
What the internal audit does is remove the surprise from that external survey. A company running honest, well-documented internal audits generally walks into an SMC survey already knowing where its weak points are — because it found them first, on its own terms, with time to fix them properly rather than under survey pressure. The same discipline pays off during Port State Control inspections too: PSC officers consistently flag ISM non-compliance as a deficiency category, and a vessel with a genuine internal audit history has fewer places for that kind of gap to hide.



