The Auditor’s Role

Requirements for Cyanide Code Audits

Operations of companies that are signatories to the Code must be audited to determine if they can be certified as in compliance with the Code’s Principles and Standards of Practice. Audits for certification under the Cyanide Code must be conducted by independent third-party auditors who meet ICMI requirements for experience, expertise and lack of conflicts of interest. Auditors are contracted and paid by the company or operation for which they will perform the audit. ICMI does not contract auditors.

For initial certification audits the on-site portion of an audit must be completed within three years of the date an operation is listed for certification. For operations that are already certified, the on-site portion of the recertification audit must be conducted within three years of the date of the operation’s current certification. Other scheduling requirements exist for operations that change ownership during a certification period, go into temporary closure or withdraw from participation in the program. Additional and full details on the timing of audit requirements are included in ICMI’s Signatory and Certification Process document.

Selecting an Auditor

ICMI maintains a list of pre-approved Cyanide Code auditors who have submitted their credentials and have been accepted by ICMI to conduct Cyanide Code certification audits. Although auditors are not required to appear on the list, ICMI recommends that companies contracting auditors ensure that their auditors have the necessary qualifications by asking the auditors to submit their qualifications to ICMI for approval prior to being contracted to perform an audit.

Auditing the Cyanide Code

Auditors conducting Code Certification Audits must use ICMI’s Verification Protocols in assessing whether an operation is adhering to the Principles and Standards of Practice of the Code. Separate Verification Protocols exist for Mining Operations, Transport Operations, and Production Operations. The goal of each Verification Protocol is to encourage and support a thorough and probing inquiry by the auditor.

Each Verification Protocol is supported by a Guidance document. The Guidance documents are designed to help operations understand their obligations in implementing the International Cyanide Management Code, and to aid auditors in evaluating operational compliance with the Code.  Verification Protocols and associated Guidance documents may be found in the Document Library.

Audit Document Submission

Within 90 days of the completion of the site inspection portion of the audit, lead auditors must submit to ICMI electronic copies of a Detailed Audit Findings Report, a Summary Audit Report, an Auditor Credentials Form that includes information for each member of the audit team, a Corrective Action Plan (for operations found in substantial compliance with the Code), and a letter from the owner or authorized representative of the audited operation granting ICMI permission to post the Summary Audit Report and Corrective Action Plan (if required) on the Code website. The lead auditor’s signature on the Auditor Credentials Form must be certified by notarization or its equivalent and the auditor must also submit a hard copy version of the credentials form to ICMI.

ICMI Completeness Review

Upon receipt of the required documents, ICMI will conduct a review of the submitted documentation for “completeness.” This review is intended to ensure that all necessary information has been provided.  It does not address the substantive issues of Code compliance.

If the documentation is complete, ICMI will inform the auditor and operation and post the Summary Audit Report, Auditor Credentials Form, and, if required, the Corrective Action Plan on the Cyanide Code website. If the documentation is incomplete, ICMI will advise the auditor and operation of the deficiencies and request that revised documentation be submitted within 30 days.

Certification of Operations

ICMI relies entirely on the findings of the certified professional auditor. ICMI has no independent means of determining whether or not an operation complies with the Code, and does not make a separate decision regarding an operation’s certification.

ICMI announces certification of an operation upon receipt and approval of the final versions of all necessary audit documents, including an Audit Report that finds the operation in full or substantial compliance. ICMI announces an operation’s certification by making public the Summary Audit Report, the Auditor Credentials Form, and the Corrective Action Plan (if required) on the Cyanide Code website.

Code Documents for Auditors and Auditing

Copies of the Verification Protocols, Auditor Guidances, and other documents related to auditing for Cyanide Code compliance are available in our document library.