We are currently going through our 2nd surveillance to 27001 (Information Security). The auditor is here at the moment with our Chief Information Security Officer.
My colleague has within the last few minutes told me that the auditor will raise a non conformance against him as he has been performing internal audits. My colleague does not agree with this (as I don't). The auditor has cited that he cannot be impartial as he works for the company and owns the system. (My colleague has just completed a full audit training programme.)
He said it would be acceptable that I audit the 27001 system we have in place, although my colleague argued that I would not have the specialised knowledge to do this.
Failing this, then an external company.
I have been performing internal audits at the company for 15 years to 9001 and for 3 years to 14001 and have not had one non conformance re this previously.
I would appreciate your information on this please?