1.1 目的- 本实践确定了规划、实施和报告大麻/大麻业务合规审计的最低要求。它提供了有关条款、程序和责任的信息。 1.2 意图- 其目的是提供制定可靠审计计划和程序所需的具体说明，这些计划和程序用于进行审计，以产生与遵守一个或多个标准、法规、政策、最佳做法或质量规范有关的可信、一致和客观的证据和发现。 这种做法可在内部用于审计前评估，以识别和纠正运营差距。 1.3 组织- 本实践按以下方式组织: 部分 范围 1. 参考文件 2. 术语 3. 意义和用途 4. 审核过程概述 5. 审计计划 6. 审计流程 7. 记录管理 8. 关键词 9 角色和责任 附件A1 审计师资格和人员配置 附件A2 审计规模、目标和视角 附件A3 流程图 附件A4 1.4 本惯例中的任何内容均不得妨碍遵守联邦、州或地方法规，这些法规可能更具限制性或具有不同的要求。 1.5 本标准并非旨在解决与其使用相关的所有安全问题（如有）。本标准的用户有责任在使用前制定适当的安全、健康和环境实践，并确定监管限制的适用性。 1.6 本国际标准是根据世界贸易组织技术性贸易壁垒（TBT）委员会发布的《关于制定国际标准、指南和建议的原则的决定》中确立的国际公认标准化原则制定的。 ====意义和用途====== 4.1 预期用途- 本惯例旨在供制定、计划和进行内部或外部审计的各方使用，或对审计过程感兴趣的各方使用，因为他们是合规审计的主体，或他们要求进行此类审计。 4.2 审计- 审计由独立于被审计实体的审计师或审计机构进行。对其直接参与或拥有既得利益的运营或产品进行评估的个人，从技术上讲不是审计。 这些评估可能是预审计或差距评估。这种做法可用于这些类型的活动，而真正审计的严格性可能并不那么关键。 4.3 术语和概念- 第节中术语的定义 3. 以及对审计规模、目标和类型的看法 附件A3 提供有助于澄清审计中涉及的不同角色、审计的各种要素以及这种做法如何适用于不同情况的概念。本实践的编写条款适用于不同目标和规模的审计。 4.4 应用程序- 合规审计用于确定某些标准与实际操作条件之间的差距。差距知识用于评估各种风险，指导纠正措施、预防措施、根本原因分析、改进工作，防止罚款和处罚，或为利益相关者提供对操作及其潜在安全、财务或其他风险的客观评估。本实践的使用者应理解并适应本实践中的审计概念、流程和责任，以适应其特定的组织结构和情况。 4.5 审计规模- 审计规模可以从对员工不到十名的小型单一业务的内部审计，到对在多个国际地点拥有设施的大型公司的外部审计。在任何情况下，无论大小，都应遵循本实践中的原则，以产生客观可靠的结果。 4.6 审计标准- 随着大麻/大麻行业在全球范围内的发展并不断获得认可，新的和先前制定的标准、法规、政策和最佳做法正在被开发、采用、演变并应用于该行业。 由于这种不断演变的性质，审计机构需要认真关注，以保持最新的审计标准和协议。

1.1 Purpose— This practice identifies the minimum requirements for the planning, conduct, and reporting of compliance audits of a cannabis/hemp business. It provides information on terms, procedures, and responsibilities. 1.2 Intent— The intent is to provide specific instruction needed to develop reliable audit programs and procedures that are used to conduct audits that produce credible, consistent, and objective evidence and findings related to compliance with one or more standards, regulations, policies, best practices, or quality specifications. This practice can be used internally for pre-audit assessments to identify and correct operational gaps. 1.3 Organization— This practice is organized in the following manner: Section Scope 1 Referenced Documents 2 Terminology 3 Significance and Use 4 Audit Process Overview 5 Audit Programs 6 Audit Process 7 Record Management 8 Keywords 9 Roles and Responsibilities Annex A1 Auditor Qualifications and Staffing Annex A2 Scale, Objectives, and Perspectives of an Audit Annex A3 Process Diagrams Annex A4 1.4 Nothing in this practice shall preclude observance of federal, state, or local regulations which may be more restrictive or have different requirements. 1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use. 1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee. ====== Significance And Use ====== 4.1 Intended Use— This practice is intended for use by parties who either develop, plan, and conduct internal or external audits, or are interested in the audit process since they are the subject of compliance audits or they mandate such audits to occur. 4.2 Audits— Audits are conducted by an auditor or audit body that is independent of the entity being audited. Individuals that conduct an assessment of an operation or product that they are directly involved with or have a vested interest in, is technically not an audit. These assessments might be a pre-audit or gap assessment. This practice can be used for these types of activities and the rigor of a true audit may not be as critical. 4.3 Terms and Concepts— The definition of terms in Section 3 and the perspectives on scale, objectives, and types of audits in Annex A3 provide concepts that help clarify the different roles involved in an audit, the various elements of an audit, and how this practice applies to different situations. This practice is written in terms that accommodate audits for different objectives and sizes. 4.4 Application— Compliance audits are used to identify gaps between some criteria and the actual operational conditions. Knowledge of gaps are used to assess various risks, guide corrective action, preventive action, root cause analysis, improvement efforts, prevent fines and penalties, or provide stakeholders an objective evaluation of an operation and its potential safety, financial, or other risks. A user of this practice should understand and adapt the audit concepts, process, and responsibilities in this practice to their specific organizational structure and situation. 4.5 Audit Scale— The scale of an audit can range from an internal audit of a small single operation with fewer than ten employees to an external audit of a large corporation with facilities at multiple international locations. In either case, large or small, the principles in this practice shall be followed to produce objective and credible results. 4.6 Audit Criteria— As the cannabis/hemp industry develops globally and continues to gain acceptance, both new and previously established standards, regulations, policies, and best practices are being developed, adopted, evolving, and applied to this industry. Due to this evolving nature, diligent attention is needed by auditing bodies to maintain up-to-date audit criteria and protocols.