Guidelines and Procedures on the Conduct of Internal Security Audit of Port Facilities

February 18, 2015

PPA MEMORANDUM ORDER NO. 03-15

 

1. Authority

1.1 Article IV, Section 6, (iii) 6-C, 26 and 43 of P.D. 857-Revised Charter of the Philippine Ports Authority.

1.2 National Security Programme for Sea Transport and Maritime Infrastructure, Book II in relation to International Maritime Organization's (IMO) International Ship and Port Facility Security (ISPS) Code.

2. Scope

These guidelines and procedures cover the conduct of internal security audit for all facilities in the port system under the administration of the Philippine Ports Authority.

3. Objectives

3.1 To standardize the procedures in the conduct of verification and evaluation of port security measures embodied in the security plan.

3.2 To measure compliance with PPA and ISPS security framework standards, policies and procedures in addressing defined risk, and provide confirmation that current security measures in the Port Facilities as originally defined remain viable and corrected or updated where necessary.

3.3 To assess the effectiveness of the physical protection assets, guard force personnel, along with the policies and procedures that guide framework implementation.

4. Responsibility

4.1 The Assistant General Manager for Operations is responsible for the Annual Internal Security Audit Plan for the whole PPA port facilities.

4.2 The Superintendent, Port Police Department/Deputy Superintendent is responsible for the actual scheduling of the audit and the deployment of personnel for the engagement. The Superintendent, PPD shall approve all internal security audit programs and is responsible for the submission of the report to the AGM-O and the General Manager.

4.3 The Division Manager, Operations-PPD/or duly designated officer shall be assigned as Audit Team Supervisor for each audit engagement and shall ensure that Audit Program and the Internal Security Audit standards of the Port Police Department are followed to achieve the audit objectives. CAIHTE

4.4 The Chief, Civil Security Officer or duly designated officer shall be assigned as Team Supervisor, who shall be responsible for the preparation of audit program, schedules and reports for submission to PP Superintendent through the Division Manager, Operations-PPD/Team Supervisor.

4.5 Audit Team members shall be assigned for each area based on his/her specific knowledge, skills or his qualifications as identified in the audit program. All working papers prepared by each member shall be reviewed by the Team Supervisor.

5. Rules of Conduct

5.1 Integrity

 Port security Internal Auditors:

5.1.1 Shall perform their work with honesty, diligence, and responsibility.

5.1.2 Shall respect and contribute to the legitimate and ethical objectives of the port police organization.

5.2 Objectivity

 Port Security Internal Auditors:

5.2.1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased evaluation or assessment.

5.2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.

5.2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

5.3 Confidentiality

 Port Security Internal Auditors:

5.3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.

5.3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

5.4 Competency

 Port Security Internal Auditors:

5.4.1 Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

5.4.2 Shall continually improve their proficiency and the effectiveness and quality of their services. aScITE

6. Audit Methodology

The internal security audit for Port Facilities shall be conducted in accordance with PPA rules and regulations.

6.1 Planning the Audit

 The planning phase consist of interviews and consultation with the auditee, review of information, documents and reports and the development of an audit program and associated tools. The Division Manager-Operations Division prepares the Port Police Department Order constituting the internal security audit schedule for the activity based on the approved plans and programs. The review includes the contract of security services provider, Port Facility Security Plan, internal policy and procedures, applicable rules and regulations and previous audit reports and findings from the authorities.

6.2 Examination Phase/Audit Proper

 The examination phase included the following approach:

• Interviews with Port Facility Security Officers, other employees and concerned port users

• Observations of physical safeguards in different facilities; and

• Documentation examination and comparative analysis against best practices and guidance provided by lead security agencies.

 Detailed audit criteria or check off list is provided in Annex "A"

7. Post Audit Activities

The audit team shall conduct post audit conference with the auditee and shall submit the report within reasonable time to the AGM for Operations thru the Superintendent, Port Police Department.

7.1 Audit Reports

7.1.1 Statement of Assurance

 The Port Security Internal Audit Report shall state that the examination/audit was conducted in accordance with PPA regulation, memorandum or circular. The auditors shall further state in assurance that professional judgment, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in the audit report. DETACa

7.1.2 Audit Opinion

 The auditors shall provide opinion whether security measures and management controls were sufficient or not to ensure rigorous and documented security risk management pertaining to port facility security. Any deficiencies shall be noted in the following areas: threat and risk management, roles and responsibilities, awareness, policies and procedures, and incident management.

7.1.3 Recommendations and Management Response

 Audit reports shall include recommendations from the auditors and approval/or disapproval from the management with corresponding detailed action plan for each developed recommendations.

This memorandum order takes effect immediately and any previous issuances that are in conflict with these rules and regulations are deemed modified, revised or repealed accordingly. HEITAD

(SGD.) JUAN C. STA. ANAGeneral Manager

ATTACHMENT

Port Police Department

Port Facility Security Audit Checklist