Internal Audits performed by another local business

[howste]

Why don't we just include the whole definition here for those who don't have a copy or don't feel like looking it up themselves:

3.13.1
audit
systematic, independent and documented process (3.4.1) for obtaining objective evidence (3.8.3) and evaluating it objectively to determine the extent to which the audit criteria (3.13.7) are fulfilled

Note 1 to entry: The fundamental elements of an audit include the determination (3.11.1) of the conformity (3.6.11) of an object (3.6.1) according to a procedure (3.4.5) carried out by personnel not being responsible for the object audited.

Note 2 to entry: An audit can be an internal audit (first party), or an external audit (second party or third party), and it can be a combined audit (3.13.2) or a joint audit (3.13.3).

Note 3 to entry: Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization (3.2.1) itself for management (3.3.3) review (3.11.2) and other internal purposes, and can form the basis for an organization’s declaration of conformity. Independence can be demonstrated by the freedom from responsibility for the activity being audited.

Note 4 to entry: External audits include those generally called second and third-party audits. Second party audits are conducted by parties having an interest in the organization, such as customers (3.2.4), or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations such as those providing certification/registration of conformity or governmental agencies.

Note 5 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original definition and Notes to entry have been modified to remove effect of circularity between audit criteria and audit evidence term entries, and Notes 3 and 4 to entry have been added.

So, independence is still required in the standard, and audits must be carried out by personnel not responsible for the object/activity being audited.

The answer to the OP's question about using another company's auditors? Yes it's allowed. As others have mentioned there are pros and cons to doing it.

 

[Sidney Vianna]

Being independent is no longer stipulated in the "globally harmonized standards"

As elegantly demonstrated by Howste, yes it is. In the standard that matters for QMS, at least, ISO 9000:2015.

 

[Randy]

Why don't we just include the whole definition here for those who don't have a copy or don't feel like looking it up themselves:


So, independence is still required in the standard, and audits must be carried out by personnel not responsible for the object/activity being audited.

The answer to the OP's question about using another company's auditors? Yes it's allowed. As others have mentioned there are pros and cons to doing it.

Well we've gone full circle again with the primary problem being what is "independent"....

"So, independence is still required in the standard, and audits must be carried out by personnel not responsible for the object/activity being audited." That's not what is said, the statement is "can be demonstrated" not must or shall and not even should, but can and can is a voluntary decision.

In the case of audit "independence" the wording is such as to point out that the process needs to be free from improper influence and/or guidance to allow an honest objective look. Either that or there's literally a couple thousand people out there that have been taught totally wrong.

Earlier versions of 9001 specifically required that "auditors shall not audit their own work" and we all know that, but the wording was removed. Why? Because it was unnecessary BS when it can be demonstrated that the process was done in an objective, impartial manner, especially for the smaller mom & pops.

This mindset of "independence" being totally separate and outside and nothing to do with is a pile of rubbish because in no way can it guarantee impartiality and objectivity...Absolutely no way!

 

[howste]

Well we've gone full circle again with the primary problem being what is "independent"....

"So, independence is still required in the standard, and audits must be carried out by personnel not responsible for the object/activity being audited." That's not what is said, the statement is "can be demonstrated" not must or shall and not even should, but can and can is a voluntary decision.

But that is what it says:

Note 1 to entry: The fundamental elements of an audit include... carried out by personnel not being responsible for the object audited.

There is no can, might, or may in this text. The "can" is in note 3, to describe how conformity to the requirement "can" be demonstrated.

 

[Sidney Vianna]

Why?

Because of compromises having to be reached due to the High Level Structure approach for Management System Standards. One more reason to pay EVEN CLOSER attention to normative references in the different standards. ISO 14001:2015, for example, lists no normative reference. ISO 9001:2015, on the other hand, does. It does matter a lot for the sake of management system standardization.

 

[John C. Abnet]

A reminder to all;
The "Notes" within the standard are references only and are not auditable against.\

Be well.

 

[Sidney Vianna]

The "Notes" within the standard are references only and are not auditable against.

In requirements standards such as ISO 9001, notes are supposed to be clarifications; they are still "auditable", but are not supposed to be understood as firm requirements.

In standards such as ISO 9000, a principles and vocabulary document, notes are expansions of the definitions and provide valuable insight on the intent of the terms. As in the example that Howste provide for the definition of audits in the context of ISO 9001.