W. Kindel,
You asked; ‘Why is it that a company needs to perform its own internal quality system audit, when we've already hired a registrar to come in and do the same thing?’
Well, the fact is, you haven’t hired a registrar to come in and do the same thing. All you have done is asked a registrar to come in and do his own thing, whatever that is. I don’t know the registrar’s plan and objectives and I doubt whether you do. All we know is that, when it is over, he will registrar or refuse to registrar, based on his own rules. We have some knowledge of what he won’t do, though;
We expect that the decision will bear some relationship to our compliance with ISO 9001/2 although it will not guarantee full compliance, even at the time of the audit. What we do know, for sure, is that it will not have been run according to our established and maintained documented procedures for planning and implementing internal audit and that, in this, it fails to meet the requirements of ISO 9001/2. Other requirements it normally fails to meet are our need to; identify the responsibilities of persons who will carry out the internal audit; provide the necessary resources including personnel and be responsible to ensure they have adequate training; initiate the audits according to our own audit schedule, etc. We will also have to audit the internal audit function with independent auditors, ie, auditors not from the registrar. Finally, we will have to review the implementation and effectiveness and take corrective action as necessary, through management review, getting committment from the registrar to put right any failures in his conformance with our procedures and objectives. We will have to record these failures, report them to his management and follow up on corrective action within his process.***
I don’t see any reason, within ISO 9001/2 why you can’t go ahead and do this, given that you get the agreement of your registrar, of course. (this might not be easy and I wouldn’t be surprised if the fee went up by about 1000%, or 10,000% when the registrar saw what you were expecting to do to him)
It’s not looking so good so far, is it? But there’s more, though it's pretty mundane stuff; No doubt there is another set of requirements relating to what registrars can and can not do, which will scupper your plan completely. I’ve never looked at these requirements but I would be very surprised if there isn’t an ‘independance’ clause in the rules handed down to them, just as there is in our clause 4.17, which will say that the people doing the work cannot make the call on whether the work is in compliance, ie; the registrar cannot award registration to his own organisation or to any organisation to which that registrar is answerable. I can’t say for certain that this is the case but if you do want an authoritive answer then you should ask your registrar and see what they say.
Thanks for the question - it's an interesting one. More interesting than at first glance when you think about the implications of the requirements it imposes on contracted auditors (see my *** above) and the can of worms this could open. I never thought about this before and I doubt if many people have. Being a contracted internal auditor myself, I prefer to say no more for the present. Keep the lid on the can.
rgds, John C
[This message has been edited by John C (edited 21 November 2000).]