A procedure is not a simple restatement of the requirements of the Code; rather it describes how you will meet these requirements. What is to be done? Who does it? How is it done? What controls do you have in place to ensure it is done? Draw on the experience you have gained in complying with the ISM Code. A simple statement that “internal audits will be carried out annually by persons independent of the area being audited” would not be accepted as an internal audit procedure for ISM, and similarly it would not be considered acceptable as an internal audit procedure for the ISPS Code.