My management has asked me why we are audited by our external auditor twice per year. We are owned by a German organization that is only audited annually, and they would like to reduce costs.

What controls the number and/or frequency of periodic third party audits?

If anyone could provide a reference, or link, it would help.

My management has asked me why we are audited by our external auditor twice per year. We are owned by a German organization that is only audited annually, and they would like to reduce costs.

What controls the number and/or frequency of periodic third party audits?

If anyone could provide a reference, or link, it would help.

You control the frequency of your third party audits. You may choose annual or 6 month intervals for surveillance audits. The length of the audit in terms of days is dependent on the size of your organization. Ask your registrar, they will tell you, and they can provide you with a link.

My management has asked me why we are audited by our external auditor twice per year. We are owned by a German organization that is only audited annually, and they would like to reduce costs.

What controls the number and/or frequency of periodic third party audits?

If anyone could provide a reference, or link, it would help.


Frequency of third party audits isn't as important as the number of days taken to complete the audits. Audit hours are assigned on a per-year basis, and are typically based on how many staff the organization employs. So - for us, we have three surveillance audit days per year. We can break that up any way we want to - we can have one yearly audit that's three days long, two audits per year that are 1.5 days long, three audits at one day each, etc. etc. etc..

In short, the frequency of audits shouldn't have any effect on the cost, because the total number of days required per year will still be the same. The only way I can see the cost being affected is if you're paying travel or accommodation expenses for the auditor.

Hope this helps,
-R.

Registrars are required to maintain a surveillance program for the systems they certify. Typically, Registrars perform either annual or semi-annual surveillance audits. The IAF Guidance document to ISO/IEC Guide 62, available here (http://www.compad.com.au/cms/iaf/workstation/upFiles/890968.IAF-GD2-2003_Guide_62_Issue_3_Pub.pdf), Annex 2 establishes, as a "rule of thumb", that the annual surveillance audit time should be approximately 1/3 of the time spent during the initial certification audit. So, for example, if your initial audit took 6 auditor-days (2 auditors for 3 days), the annual amount of time to be spent during the surveillance audits would be approximately 2 auditors days. These two auditor days could be spent in 1 single visit or 2 semi-annual visits, each one 1 auditor day on-site. So, cost wise, it would not make much of a difference.

Many Registrars will give you the option for the surveillance audit frequency. Talk to yours.

Thanks!

Our initial audit was for four auditor days (1 auditor, 4 days), which aligns with the IAF recommendation for our organizaiton size.

The initial PO called for semi-annual audits, and that is what has continued.

The only cost savings I could see happening would be in auditor travel expences, and those are pretty small.

Now I'm curious how many auditors our parent gets during their annual review. They are significantly larger than we are.

...Annex 2 establishes, as a "rule of thumb", that the annual surveillance audit time should be approximately 1/3 of the time spent during the initial certification audit.

Really?
Registration took four man-days for us (2 auditors * 2 days) - and we get 3 surveillance days per year.
Are we getting ripped off?!?!?!?!?

Really?
Registration took four man-days for us (2 auditors * 2 days) - and we get 3 surveillance days per year.
Are we getting ripped off?!?!?!?!?
Yes Rachel you are getting ripped off. There should be no more than 2 days per year IMO.

Good to know...I'll be making a call to our auditor.

Good to know...I'll be making a call to our auditor.
After you get the CB to reduce the number of days to two you can tell management you got the cost reduction due to your excellent maintenance of the management system. :)

Many CBs, I have seen, quote less initial audit fee to secure clients. But they will increase surveillance audit frequency to cover up the loss or make some more profit. Company seeking certification should examine the quote given by CB to ensure that inital /surveillance/re-certificaion auditor-time are as per specified guidelines.

I'd like to resurrect this discussion based on all the downsizing that is currently going on...

When we were certified in 1995, we had twice the number of heads than we currently do.

Should the current recert audit be based on the original audit, or on the size of the organization as it is today? I have 4 man days scheduled for a recert on a company with 159 people. Does that seem like a lot?

Should the current recert audit be based on the original audit, or on the size of the organization as it is today? The determination of the audit-days should be based on the estimated headcount at the time of the audit. I have 4 man days scheduled for a recert on a company with 159 people. Does that seem like a lot?Not really. As mentioned numerous times, the IAF MD5 document is freely available. That is the document most CB's should be using. That document states:
RECERTIFICATION
6.1 The duration of the recertification audit should be calculated on the basis of the updated information of the client and is normally approximately 2/3 of the time that would be required for
an initial certification audit (Stage 1 + Stage 2) of the organization if such an initial audit were to be carried out at the time of recertification (i.e. not 2/3 of the original initial certification audit duration). The audit duration shall take account the outcome of the review of system performance (ISO/IEC 17021 cl. 9.4.1.2). In your case, with 159 employees, the STARTING POINT (for initial audit) would be 8 audit days. 2/3 of that would be approximately 5.5 audit days. So, it looks like your CB is giving you some allowance, for system performance, or another reason and has reduced the number of audit days for your re-certification audit.

Thank you Sidney, as always.
Rosie

Thank you Sidney, as always.
RosieYou are most welcome. Whatever it takes to please the Warrior Goddess of Quality. Nobody wants an upset warrior goddess around us. :lol:

You are most welcome. Whatever it takes to please the Warrior Goddess of Quality. Nobody wants an upset warrior goddess around us. :lol:

Ya, babe, it ain't pretty when she loses it!:mad:

This is what happened last time I did that...

http://elsmar.com/Forums/attachment.php?attachmentid=1119&d=1060123567

This is what happened last time I did that...

http://elsmar.com/Forums/attachment.php?attachmentid=1119&d=1060123567Option 1: You lost some weight, since I saw you last.
Option 2: We need flour on this pic...:tg:(inside joke)

My God! Who had the camera?? I thought I left no survivors on that one!

Flour... :lmao:

None of you ever wondered why my avatar is a disembodied head?