Reasons To NOT Address Compliance In Internal Audits
If your high level procedures are compliant, your lower level procedures must be as well. Every time your registrar visits , it chooses a sample of your systems and verifies, among other things, compliance to the standard. Theoretically, every year they should cover every compliance element at least once. And every 3 years they are supposed to (although it appears this practice is dying) they are (were?) supposed to go through - well, essentially a thorough (complete?) audit like the registration audit. It seems more and more registrars are admitting that the 3 year blowout audit isn t really much more than a money maker. It doesn t accomplish much when you re there every 6 months to a year anyway.
ISO 19011 - Quality and Environmental Management Systems Auditing Forum Discussions