Schedule a Discovery Call

API Audits that Truly Prepare You

Ensure your organization is fully prepared for tough API certification or surveillance audits, by having auditors with deep oil & gas manufacturing and service experience.

  • API Q1 and API Q2 Internal Audits or Gap Analysis
  • API Monogram Audits
  • Supplier Audits
Schedule a Discovery Call
API Factory Audit
API Auidts on the Field

API Q1, API Q2 and API Monogram audits are significantly more rigorous than typical ISO audits. They require deep understanding of manufacturing controls and service execution, risk assessment, traceability, and industry-specific requirements.

Mireaux brings more than 20 years of oil & gas audit and consulting expertise to help your organization meet and maintain API requirements. Whether preparing for initial certification or surveillance audit, our audits highlight your strengths and uncover issues before the API auditor does.

API Specifications We Audit

API Q1 9th Edition
API Q2 2nd Edition
API Monograms
ISO 80079-34
ISO 9001: 2015
ISO 14001: 2015
ISO 45001: 2015
ISO 27001: 2015
  • API Q1: Specification for Quality Management System Requirements for Manufacturing Organizations
  • API Q2: Specification for Quality Management System Requirements for Service Supply Organizations
  • API Monogram Specifications API 10A, API 11AX, API 11B, API 11D, API 11E, API 12F, API 12P, API 13A, API 14L, API 16A, API 16AR, API 16D, API 16RCD, API 17D, API 19AC, API 19G1, API 19G3, API 19LH, API 20E, API 2C, API 4F, API 5B, API 5CRA, API 5CT, API 5DP, API 5L, API 6A, API 6D, API 7-1, API 7F, API 9A

We can also support other ISO-based standards, Ask Us. 

What You Can Expect from Our API Audits

When we help implement your API-based management system.

Expert-Level API Knowledge

Our auditors have real-world manufacturing and oil & gas experience and understand the technical requirements of Q1 and Q2.

Full Alignment with API Expectations

Our methodology mirrors API’s auditing approach and use similar audit checklist as the ones used by API Auditors, helping ensure no surprises during certification.

Detailed Technical Findings

We evaluate risks, controls, process discipline, traceability, service execution, and documentation with the same rigor as API auditors.

Documents Sent to Web QMS

Web QMS users receive Audit Agendas, Audit Reports & Findings directly in the Audits App of their Web QMS site.

API Auditing Services We Provide

Internal Audit Icon

API Q1 Internal Audits

Full internal audits aligned with API Q1 requirements, including product realization, management of change, risk assessments, contingency planning, and supply chain controls.

Internal Audit Icon

API Q2 Internal Audits

Audits focused on API Q2 requirements, including service execution, service quality plans, service-related product preventive maintenance competency, and risk management.

Process Audit Icon

API Q1 Gap Analysis

A detailed assessment to determine your readiness for API certification and to identify what needs to be addressed prior to your official API audit.

Supplier Audit Icon
Process Audit Icon

API Q2 Gap Analysis

A detailed assessment to determine your readiness for API certification and to identify what needs to be addressed prior to your official API audit.

Analysis Icon

API Monogram Audits

These are intricate audits against product specifications such as API 6A, 7-1, 16A, aimed at verifying design control, manufacturing processes, testing, traceability, marking, and product release practices, as required.

Supplier Audit Icon

Supplier Audits (API Focused)

Evaluation of suppliers and contractors against API & your requirements, to ensure proper controls, traceability, and conformity.

Why Companies Choose Mireaux for their API Audits

We don’t just point out gaps — we help you understand them.

  • Deep Oil & Gas Experience

    We understand the operational realities of manufacturing and service companies in the energy sector.
  • Strong Understanding of API Expectations

    We stay current with API interpretations, updates, and industry shifts.
  • Accurate, Unbiased Audits

    Our API audits identify issues before they become findings with API.
  • Reliable, Consistent Results

    Organizations trust us for audits that strengthen their systems—not just meet requirements.

Demystifying Audit Findings

Audits aren’t strictly pass or fail—but how you respond to the findings can make all the difference in whether your organization achieves or maintains certification. This video breaks down:

  • The true meaning of audit findings
  • How many findings are too many?
  • What audit results mean for your certification
  • How to use internal audits and findings to your advantage

Get expert insights, real examples, and practical tips to help you handle audits with confidence.

Book Your API Audit Today

Prepare for API Q1 or Q2 certification with confidence. Let our experienced API auditors evaluate your system and help you get audit-ready.

Schedule a Discovery Call

Frequently Asked Questions

Planning for the audit is essential in order to ensure the audit achieves the goals and objectives desired. Poor planning may turn the audit into wasted time and effort. We can assist your organization plan for the audit, by helping you determine the following:

  • Criteria: The standard(s) you would like your management system to be audited against.
  • Scope of the Audit: This involves the actual reach of the audit, in terms of locations, processes, shifts, etc.
  • Scope of the management system: This is the scope of your management system, as written in your manual or certification documents; including any exclusions you may have taken from the standard requirements.Objectives
  • Type of Audit: Internal Audit, Gap Analysis, Process Audit, Product Audit, or Supplier Audit.
  • Number of People: This information is useful when calculating the number of days for the audit.

In general, we use the following nomenclature for reporting findings:

1. Noteworthy Efforts

These are strengths and positive attributes that help an organization comply with the standard over and above what may be considered normal or what is typically seen. These type of findings do not require a response.

2. Opportunities for Improvement

Opinions made by the Auditor, about activities that can be done more effectively based on experience and best practices. Since the requirements of the standard are being met, albeit not efficiently as seen by the Auditor elsewhere, these type of findings do not require a response.

3. Observations or Concerns

Views made by the Auditor regarding areas of the process or management system which could become nonconforming should objective evidence become available or the right conditions appear. These could be treated as “near misses” and while some registrars do not require a response to them, Mireaux does encourage its Clients to document these findings and treat them as Preventive Actions in order to proactively resolve or prevent any future problems.

4. Minor Nonconformance

An isolated lapse of either discipline or control during the implementation of a management system element or procedural requirements is considered a minor nonconformity. A minor nonconformity also must not indicate a management system breakdown, and must not raise doubt that products or intended services will meet requirements. Overall the management system requirements are defined, implemented, and effective.

5. Major Nonconformance

The absence or lack of implementation of one or more required management system elements or clauses constitutes a major nonconformity.  These encompass situations which indicate that:

A Gap Analysis is an exhaustive exercise, in which every clause of the ISO or API standard is checked for compliance. While a thorough Gap Analysis includes verification of implementation by interviewing some employees, it is highly focused on reviewing required documentation and records– usually performed from a desk or meeting room. This is why Gap Analyses are also called “Desktop Audits”.

Yes, starting on April 1, 2020, we are able to conduct audits remotely. During remote audits, our Auditors review documentation or records made available electronically and conduct interviews via a Microsoft Teams.

The expectation nowadays is that a full cycle of Internal Audits be conducted “every 12 months”. This may be seen as contrasting the various definitions the standards, may have:

  • PERIODIC: this may be interpreted as being able to conduct Internal Audits every 2 years for example.
  • ANNUAL: this may be interpreted as being able to conduct your Internal Audit in January this calendar year, while next calendar year you could conduct your Internal Audit in December for example. Both still took place on the “annual” year.
  • EVERY 12 MONTHS: This means that if this year you conducted your Internal Audit in January, next year your Internal Audit shall be conducted no later than January. Conducting it in February would put you a month late and therefore out of compliance.

Therefore, even though the language may not be consistent among standards, the expectation is that you will conduct a full cycle of Internal Audits, EVERY 12 MONTHS.

Your Audit Plan, Program, or Schedule should outline when you will conduct the Internal Audits. We recommend pinpointing the month and year, rather than just the year, as this may be seen as too broad and not a good plan.

A full cycle of Internal Audits signifies that you have audited all of the processes in your management system within the 12-month period. Whether you audit one or more process per month, or all processes at once, you have to audit all of the processes that are part of your management system.

A full cycle of Internal Audits also implies that you have conducted the actual audit, issued the findings, and closed out all nonconformities appropriately.

Depending on how your Internal Audit Schedule is setup, we can help you meet this requirement. For efficiency reasons, we usually propose Internal Audits be conducted all at once, meaning your processes are audited in the same timeframe one after another.

There are a few consequences to be expected during your Registrar’s External Audit if you do not conduct your Internal Audit on time according to your Internal Audit schedule, or prior to your Registrar’s External Audit. Below are three possible outcomes based on your Internal Audit schedule’s modus operandi.

1. If you conduct one Internal Audit per year

If you only conduct one Internal Audit per year, meaning all of your processes are audited at once; missing an internal Audit should be cause for concern. More than likely, you will get a minor Nonconformity during your External Audit, which could possibly be a major nonconformity, especially if you do not even have it on the schedule.

2. If you conduct several Internal Audits per year

If you conduct several Internal Audits per year, each focusing on a few processes of your overall management system, then missing one Internal Audit may not be as serious. Nevertheless, expect a minor Nonconformity during your External Audit.

3. If this is your first Internal Audit

If you missed conducting an Internal Audit prior to your initial certification or Stage 2 Audit, then this is serious. Having an Internal Audit prior to your certification audit is a critical requirement and definitely a showstopper:

  • For ISO standards, expect a major nonconformity and possibly a halt in the overall audit.
  • For API standards, you will not even be able to get your application approved – if you have not had a full cycle of Internal Audits. So you will be delaying the application and ultimately the certification process.

A Gap Analysis is beneficial when an organization has implemented some elements of the ISO or API standard desired. In this case, a thorough Gap Analysis will provide a clear indication of how close or how far the organization’s management system is in relationship to the ISO or API standard being sought.

However, if the organization does not have any elements of a management system in place, and has not worked much towards meeting any of the requirements of the ISO or API standard desired; then a Gap Analysis is not recommended. In fact, having a Gap Analysis in this situation, is likely to yield a huge gap –as you are lacking just about everything – which may already be evident to your team. If this is your case, save your money and put it towards resources for implementation.

A Gap Analysis may be conducted once or twice while the organization prepares for their certification audit – to get reassurance that their implementation efforts are moving them closer to meeting all requirements of the ISO or API standards being sought.

Having a Gap Analysis at the onset of the certification journey is worthwhile. It should provide clear guidance on the direction to take and provide assurance that you are (or are not) in the right track.

If time and budget allows, a second Gap Analysis could also be helpful before the External Audit or Certification Audit. At this point, the results of the Gap Analysis should provide confirmation that the organization is indeed ready for certification.  A type of audit called Pre-Assessment – often conducted by the Registrar or Certification Body themselves – can be equated to this Gap Analysis.

We can help your organization tremendously towards achieving your desired ISO or API goals, by conducting a thorough Gap Analysis that can provide a clear roadmap to certification. Having Mireaux conduct your Gap Analysis also provides a chance for your team to discuss face to face with an expert, areas that may need attention in order to close the gaps.

Additionally upon completion of the Gap Analysis, Mireaux issues a comprehensive Gap Analysis Report that contains a detailed clause-by-clause analysis of the ISO or API standards being sought, providing for each clause:

  1. Details of the Gap
  2. Recommended actions to close the Gap
  3. Evaluation compliance on a scale of 1 to 5

Mireaux’s Gap Analysis Report also provides an overall percent of compliance, to give the organization a good idea of their “grade” and the road ahead.

There are many reasons that can spark the need to conduct a Supplier/Vendor Audit. Among them are the following:

  1. Your organization requires it for Supplier/Vendor approval
  2. Your organization requires it for Supplier/Vendor re-approval
  3. The Supplier/Vendor has shown a negative trend in the number of NCRs (product or service nonconformances)
  4. The Supplier/Vendor has been issued a Corrective Action and you would like to verify implementation and effectiveness
  5. A customer complaint was received, where the root cause was attributed to a failure or breakdown in the supplier/vendor processes
  6. Your organization wants to give the Supplier/Vendor additional work and wants to verify capabilities and capacity
  7. An information security incident, environmental impact, or safety incident occurred and it is evident that an error in the supplier/vendor’s processes, contributed to the problem.

In essence, reasons for conducting a Supplier/Vendor Audit abound. If your organization practices the ISO principle of “Relationship Management” formerly known as “Mutually beneficial Supplier Relationships”, then being able to audit your Supplier/Vendor should be welcomed as an opportunity for furthering the ties between you and your supplier/vendor.

The ISO management system standards do not require Suppliers/Vendors Audits as part of the evaluation/reevaluation of supplier or vendors. API however, is more prescriptive in its requirements for Suppliers/Vendors’ initial evaluation and selection, as shown on the following API Q2 excerpt:

The requirement above is clear in that an assessment of the supplier needs to be done at their facility (the facility from where the supplier is providing their product or service); however, the assessment can be conducted by your organization, an organization you outsourced to, or a third-party. Whichever method you decide, it should be part of your supply chain program and be documented as part of your management system requirements.

Audits should never be confrontational or offensive.  If you have a management system in place that follows the ISO principle of “Relationship Management” formerly known as “Mutually beneficial Supplier Relationships”, then the relationship between you and your supplier/vendor should be one of mutual cooperation and improvement.

In general, Mireaux discourages use of surprise audits or similar scare tactics. We like to send Audit Agendas in advance and make sure that the organization is fully aware of our visit. However, if you truly believe that there are major discrepancies that need to be verified, it is up to your organization to bypass early notification and just show up.

0
Empty Cart Your Cart is Empty!

It looks like you haven't added any items to your cart yet.

Browse Products

Free Essential Guide

The Essential Steps to Jumpstart your ISO/API Certification Journey!

These are the same steps our own Consultants use to successfully guide our clients to achieve ISO/API certification