Is it OK if Registrar and Internal Auditing "Contractor" are the same company?

Elsmar Forum Sponsor
#12
Its starting to be a trend. Registrars are seeing that the market is saturated, and looking for more markets.

going into the internal audit fields has many advantages to the registrar. This activity isn't audited by the RAB and there is less overhead. But the registrars who perform internal audits will have to give up their Registration work with the same company.:)

It is a conflict of interest to do both internal audits and registration audits. But the registrars will gladly give up the registration side if the internal audit side makes them more money.
Not in my experience! As Tom suggests/questions - how does it make more money? Let's face facts - clients only want to spend $X on internal audits, so it really doesn't matter who actually does them. Having been a consultant and been the outsourced provider, I can vouch for the fact that once someone comes along who does it cheaper, bye, bye!

Less overhead? How? "Gladly" isn't a word you'd hear the guys I work with using to describe doing internal audits instead of Certification audits!
 
M

MIREGMGR

#13
The supply of "qualified" internal auditors/companies is many times larger than the supply of "accredited" registration auditors/registrars, so the basic laws of supply and demand indicate that they should be able to command more $/hour for registration audits.
Ah, but the supply of internal auditors who are "closely affiliated" with the NB/external auditor is much smaller. If the target company thinks for some reason that there might be an advantage to them in having that "close affiliation", they might be willing to pay extra for that "special service".
 
T

tomvehoski

#14
Ah, but the supply of internal auditors who are "closely affiliated" with the NB/external auditor is much smaller. If the target company thinks for some reason that there might be an advantage to them in having that "close affiliation", they might be willing to pay extra for that "special service".
Do you have examples of places that have actually done this? I have a hard time believing that:

1. A registrar (or auditor) is going to risk their accreditation by intentionally entering into a conflict of interest. They could easily go the PJ route and incorporate a second business as a consulting arm.

2. Any company is going to pay $1000-$1500 a day for an internal auditor when they can find a starving consultant for $300-$500.
 
P

Pink Pearl

#15
Excellent discussion, thanks all!

I was hoping Sidney would jump in and cite the conflict I was thinking of. But, after reading all responses, I take away that if both services are provided by a company that has bothered to set-up two legal entities, the conflict of interest magically disappears. Close enough for government work I guess.

I have no idea if that's the case with these guys. They didn't say their auditing services were 'technically' under a different company, just that because they were "contractors" it was OK.
 

Cari Spears

Super Moderator
Staff member
Super Moderator
#16
I have no idea if that's the case with these guys. They didn't say their auditing services were 'technically' under a different company, just that because they were "contractors" it was OK.
Many 3rd party auditors contract with registrars too. Some contract with multiple registrars.
 
P

Pink Pearl

#17
Many 3rd party auditors contract with registrars too. Some contract with multiple registrars.
Thanks Cari.

So, it appears there is a caveat or "contractor" work around. Hopefully, the IAQG is aware of this standard practice and parameters are set and audited (e.g., like the consultant rules noted before).
 

Cari Spears

Super Moderator
Staff member
Super Moderator
#18
Thanks Cari.

So, it appears there is a caveat or "contractor" work around. Hopefully, the IAQG is aware of this standard practice and parameters are set and audited (e.g., like the consultant rules noted before).
No, actually, my point was that this "contractor" argument is a bunch of whooey. It doesn't matter that these auditors performing internal audits (1st party) are contractors because it's quite common for their 3rd party auditors to be contractors.

The bottom line is, the registrar that you've hired to maintain your registration is not allowed to provide consulting or internal auditing for your company too. If they are offering to do so, I would ask how that is not a violation of the rules that Sidney cited earlier. (And, personally, I'd report them.)
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#19
The bottom line is, the registrar that you've hired to maintain your registration is not allowed to provide consulting or internal auditing for your company too. If they are offering to do so, I would ask how that is not a violation of the rules that Sidney cited earlier. (And, personally, I'd report them.)
:agree1: Well said, Cari. Some CB's complain that ISO 17021 is "too prescriptive". They forget the fact that ISO 17021 was developed to close some of these huge loopholes that existed before. But, if people don't do their part to keep CB's accountable to the standards they are expected to maintain, very little will change in unethical practices by CB's.

It is possible that the organization that Pink Pearl works for has no "written contract" for the internal audit services. Nevertheless, there should be an invoice from someone charging for those services. It would be very easy to compare invoices related to the certification services and the internal audit services. If they come from the same organization, there is the objective evidence of violation against ISO 17021.

Let's keep in mind that some organizations fall prey to unscrupulous service providers due to sheer ignorance. Others know very well that they are doing an unethical thing, but promote the practice because (they think) as long as they keep the CB happy, they will never ever be concerned in losing their certificate.
 
P

Pink Pearl

#20
I'm speaking of an arrangement for a sister company, not mine. Basically, my CB auditors did share that they managed the audit program for them. And then just recently found out that they are also their CB auditors too. That's when a red flag went up and I questioned them. I suspect they want to manage the audit program for my company too since we have a new president that worked with them at the sister company. Gray area I said, but no, contractors they said. It could also be they bill under separate entities. I just don't know.

Curious though, how does one report something suspect like this?
 
Thread starter Similar threads Forum Replies Date
Coury Ferguson Should a Registrar write a NC on something that was found during the Internal Audit Registrars and Notified Bodies 138
tony s Let the Registrar audit the Internal Audit process Internal Auditing 45
Marc Conducting Internal Audits vs. Third Party (Registrar) Audits Internal Auditing 11
Marc Internal Audit Findings and the Registrar Internal Auditing 5
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G 0 non conformities in registrar audits over 4 years Management Review Meetings and related Processes 12
M Do AS9100 Registrar Auditors have nonconformity quotas? General Auditing Discussions 18
J Conflict of Interest Registrar/Notified Body/Testing House Quality Manager and Management Related Issues 4
R Change Notification - Registrar vs Notified body ISO 13485:2016 - Medical Device Quality Management Systems 1
Robert Stanley Which Registrar Should I Choose for ISO 9001:2015 registration? Registrars and Notified Bodies 10
E Choosing an ISO 9001 registrar with auditors familiar with our industry Registrars and Notified Bodies 10
L Audit boundaries - Is a Registrar permitted to audit a company's QMS by visiting their suppliers? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 26
Jen Kirley Is your registrar (CB) accredited? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 9
K Seeking ISO 13485 Registrar Recommendations Registrars and Notified Bodies 15
P Notify Registrar of Escalation letter IATF 16949 - Automotive Quality Systems Standard 1
M New AS9100 Registrar - Recommendations for Transfer Registrars and Notified Bodies 3
M Notifying Registrar of Significant QMS changes ISO 13485:2016 - Medical Device Quality Management Systems 2
A ISO 9001:2015 registrar Auditor requesting copies of procedure prior to audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
N Does anyone know a registrar that offers both ISO 9001 and ISO 17020? Registrars and Notified Bodies 6
S Certification Body, Registrar, Notified Body - What is the difference? Registrars and Notified Bodies 3
1 ISO Registrar with waste water treatment experience Registrars and Notified Bodies 1
D How can a company transfer their AS certificate from a suspended AS91XX registrar? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
P Delay in IATF 16949 Certification from Registrar Registrars and Notified Bodies 10
M Should Potential Customer Complaint Outcome Define Registrar NC Rating? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Q Is a Domain Registrar a Critical Supplier? ISO 13485:2016 - Medical Device Quality Management Systems 11
F Which Medical Device Standard Registrar would you recommend? CE Marking (Conformité Européene) / CB Scheme 5
WCHorn Transfering certificate from Registrar "A" to Registrar "B" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
W Registrar Practices - Audit Plan with Scope, Dates/Times, etc. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
D Breach of Contract from Registrar (Auditor Payment Issue) Registrars and Notified Bodies 18
V Under what circumstances will a Registrar Audit a Company? (ISO 13485 - Canada) Canada Medical Device Regulations 5
M Contacting a "Must Use" (aka Sole Source) Supplier's Registrar Supplier Quality Assurance and other Supplier Issues 6
C Registrar Charges Per CAR Written Registrars and Notified Bodies 18
Q Supplier evaluation for registrar? Registrars and Notified Bodies 2
A AS9100 Registrar Expense Report Practices Registrars and Notified Bodies 3
M Answered; Registrar Dropped ISO 14971 Certification Program; What Now? ISO 14971 - Medical Device Risk Management 4
R Registrar Annual Management Fee Registrars and Notified Bodies 4
L Registrar Audit Report Length General Auditing Discussions 6
A AATT Aerospace Auditor Requirements for an AS9100 Registrar AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
E Consultant Person who implemented ALSO the Registrar Auditor? Consultants and Consulting 17
L Registrar Audit Scope and Limits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
B TS 16949 Auditor Availability and Registrar Scheduling Delays Registrars and Notified Bodies 4
S QSB+ revoked - Notify registrar, what's next? Customer and Company Specific Requirements 3
P Which TS 16949 registrar do you use? Registrars and Notified Bodies 4
V Our Registrar has been Suspended AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
A Looking for an ISO 9001 Registrar in Bucks County, PA, USA Registrars and Notified Bodies 2
N Second Registrar Visit to Confirm Major Nonconformances Fixed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
T Registrar Gap Assessments AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M How to find a Good Registrar (Certification Body) for ISO TS 16949 certification Registrars and Notified Bodies 3
S Which is the "Best" Registrar Accreditation Body? Registrars and Notified Bodies 3
R "Use of Registrar's Logo" question ISO 13485:2016 - Medical Device Quality Management Systems 5

Similar threads

Top Bottom