Good day
@JohnfromIN ;
I infer from your your moniker/handle that I, like you, am also
"John from IN".
A couple of questions if I may...
1- Are you certified to ISO 9001 or IATF 16949 (i..e what governing standard are we dealing with?)
A- If we are dealing with ISO 9001, then, as you obviously know, the requirements are only a framework (i.e. very little specificity in regards
to what and when).
B- If we are dealing with IATF 16949, then, the requirement is to cover "all...management system...over each three year calendar.."
The emphasis is now/currently on risk based thinking. Audit frequency considerations require prioritization by the processes importance, past history, and "risk". It sounds to me as if your auditor is stuck in the old
"every clause-every year- Excel calendar" approach. While that is "ok" (to a point), there must be consideration and/if necessary, frequency adjustment based on the aforementioned considerations.
Based on your comments and obvious knowledge of the standard, I would be surprised if your internal audit process has not been audited at least once in the past 3 calendar years.
In regards to your auditor's comment ..."an auditor cannot audit his own work". Nowhere in the standard is this stated. The only requirement is to have auditors conduct audits "...to ensure objectivity and impartiality..."
Sounds like you may be correct to consider challenging the non-conformance finding (if indeed my understanding/assumptions are correct).
Be well.