Thanks for the reply howste.
I totally agree that internal audits are used to a)determine if requirements have been met and b) if the QMS is effectively implemented. I fail to see your point. Let me clarify mine.
1. Just because someone internal to my company has not audited a certain process, (process X) but someone external to my company has audited process X and reported their findings in writing, why can I not make a determination of meeting requirements based on the findings at hand? Data is data. Based on the previous replies to this thread how come subcontracted auditors fit this bill (i.e. external auditor who reviews process X and writes a report), yet the results of the registrar (who by the way is a subcontracted auditor) can not be used in the same exact manner. Remember ... where in the standard does it say this is not allowed?
2. I think the same is true for point b). It is the data/audit findings that are being used to help make the determination if the QMS has been effectivly implemented. Where does it say in the standard that only data from internal audits can be used to make this determination? I don't see it (that's why I'm looking for help here on the Cove).
Now before a Sea Lawyer gets a hold of this, let me further clarify my interpretation by saying I 100% agree that you can not use the results of any surveillance audit to "take the place" of conducting any internal audits at all, as required by 8.2.2. Internal audits are needed as a value added function ... no disagreement there. My point is since by the standard I am allowed to "take into consideration status, importance, and previous audit results" (reguardless of where the audit results come from) when selecting those areas or process I want to audit, why can I NOT select to audit those functions of the MR since previous audit data tells me those functions are OK?
I would agree at a minimum, I would need to have the MR functions that can not be audited by the MR (i.e. can't audit his/her own work) reviewed during an internal audit at least ONCE during the life of the certificate, but not every time an internal audit is conducted. Again, not looking for minimums or weasel methods ... just asking who sees it this way as a possible method to save resources and still add value to the QMS and the business process.