(4) Every licensed, registered or recognized certification service provider,
repository or date and time service provider shall make available any
information, document or personnel required by the auditor.
(5) The auditor shall determine and indicate in the audit report whether the
certification service provider is in full compliance, partial compliance or noncompliance with the Act and these Regulations.
(6) For the purposes of sub regulation (5) compliance shall be determined as
follows (a)
full compliance shall be indicated where the service provider
complies with all the requirements of the Act and these Regulations;
(b)
partial compliance shall be indicated where the service provider
complies with some of the requirements of the Act and these Regulations but not
all the requirements.
(c)
non-compliance shall be indicated where the relevant service provider
complies with a few or none of the requirements of the Act or these Regulations,
fails to keep adequate records to demonstrate compliance, or refuses to submit to
an audit.
(7) Where the relevant service provider complies with some or a few of the
requirements, the auditor shall indicate the provisions or requirements with
which the service provider complies and those that have not been complied with.
(8) The auditor shall within sixty days after being engaged, submit a report of the
audit to the service provider with a copy to the Controller.
(9) Every audit report shall contain –
(a)
(b)
the date of the audit;
a list of the information and documents examined and personnel
interviewed;
(c)
the results of the audit; and
(e)
any other relevant information.