Once again 33CFR105.415 provides guidance regarding who can conduct the annual audit.  The regulation states, “personnel conducting internal audits of the security measures specified in the FSP or evaluating its implementation must:

            (i) Have knowledge of methods for conducting audits and inspections, and

                        security, control, and monitoring techniques;

            (ii) Not have regularly assigned security duties; and

            (iii) Be independent of any security measures being audited.”

In simple terms, the requirement is that the person needs to be an “expert” and not be part of your facility’s security organization.  A pretty good test of whether your auditor is up to the task is to ask yourself the question, “Do I know more than the auditor?”  If the answer is “yes”, keep looking for a real expert!

Your auditor must have enough expertise in conducting audits to be your “critical best friend”.  They need the knowledge and experience to find your potential flaws, weaknesses and vulnerabilities before the Coast Guard does, or worse yet, the BAD Guys!