Is it OK if Registrar and Internal Auditing "Contractor" are the same company?

Sidney Vianna

Post Responsibly
Staff member
Admin
#21
Curious though, how does one report something suspect like this?
If you only have a suspicion, but no objective evidence, don't bother reporting it. No accreditation body will act on hearsay.
Now, if you do have objective evidence of the transgression, and, since this is an AS9100 certification, you can use the feedback loop in the OASIS database website and trigger a feedback to the accreditation body under which the certificate was issued.
 
Elsmar Forum Sponsor

Helmut Jilling

Auditor / Consultant
#23
Many 3rd party auditors contract with registrars too. Some contract with multiple registrars.
Contract auditors can do consulting work for a certified client, but they cannot provide auditing services for that same client. That is not the same as saying the registrar is providing the consulting. It is generally handled as an arms-length arrangement, and the registrar is not involved in the consulting activities at all. It can be done appropriately, where there should not be a problem. (I should add, this is a general ISO answer. I do not know if the AS scheme has more specific prohibitions).
 

John Broomfield

Staff member
Super Moderator
#24
Can you help me understand. . .
Would love some guidance from the experts on this. There is, in this case AS9100, but could be other standards as well, a registrar company who uses "contractors." They are utilized for both certification AND internal quality auditing services. So, this registrar certified a company and also has a contract with the same company to come in to conduct their periodic internal quality audits. When questioned, they claim that since they are "contractors" they are within any constraints ISO has established. I mean, I wouldn't want the same company that comes in for surveillance audits to also be the one doing IQAs. It's not the same person doing both services, just the same registrar company. I'm not an expert on this, but it just doesn't sound right to me. It could just be me and is actually a common, acceptable practice.

Your thoughts?

Pink Pearl,

No part of the certified system should depend on its certifier for its conformity.

This means no advising, no internal auditing and no in-house training.

No matter what finagling they do, registrars that do this are undermining the value of their certificates to the customers of their clients.

Clients should sue such registrars for seemingly damaging the independence of their certification.

But they won't. Instead, they will continue to pander to their registrars by giving them business beyond certification.

Whatever happended to customer focus?

John
 

Helmut Jilling

Auditor / Consultant
#25
Pink Pearl,

No part of the certified system should depend on its certifier for its conformity.

This means no advising, no internal auditing and no in-house training.

No matter what finagling they do, registrars that do this are undermining the value of their certificates to the customers of their clients.

Clients should sue such registrars for seemingly damaging the independence of their certification.

But they won't. Instead, they will continue to pander to their registrars by giving them business beyond certification.

Whatever happended to customer focus?

John
Are you arguing that an independent person like myself should be prohibited from providing consulting services, or only that the CB who registers them should be prohibited? I agree it would be a conflict for the CB, but I don't see why it should be a conflict for the independent consultant. That is why I am independent in the first place.
 

John Broomfield

Staff member
Super Moderator
#26
Are you arguing that an independent person like myself should be prohibited from providing consulting services, or only that the CB who registers them should be prohibited? I agree it would be a conflict for the CB, but I don't see why it should be a conflict for the independent consultant. That is why I am independent in the first place.
Helmut,

I am talking about the certifiers not the auditors.

They are the ones undermining the value of their product.

Strange but true.

John
 

Helmut Jilling

Auditor / Consultant
#27
Helmut,

I am talking about the certifiers not the auditors.

They are the ones undermining the value of their product.

Strange but true.

John
I'm with you on that, insofar as some players do inappropriate things. Most try to maintain things at a very appropriate level. I guess like most industries, a few bad ones can spoil things for the good ones.
 
#28
Contract auditors can do consulting work for a certified client, but they cannot provide auditing services for that same client. That is not the same as saying the registrar is providing the consulting. It is generally handled as an arms-length arrangement, and the registrar is not involved in the consulting activities at all. It can be done appropriately, where there should not be a problem. (I should add, this is a general ISO answer. I do not know if the AS scheme has more specific prohibitions).
Thank you Helmut for putting this point eloquently when I'd tried and failed earlier.
 
T

tomvehoski

#29
I'm speaking of an arrangement for a sister company, not mine. Basically, my CB auditors did share that they managed the audit program for them. And then just recently found out that they are also their CB auditors too. That's when a red flag went up and I questioned them. I suspect they want to manage the audit program for my company too since we have a new president that worked with them at the sister company. Gray area I said, but no, contractors they said. It could also be they bill under separate entities. I just don't know.

Curious though, how does one report something suspect like this?
This is what I read as most likely about the situation.

Lets say you work for Acme Inc., and are registered by XYZ Registrar. Bob and Sally are your auditors, representing XYZ Registrar.

Bob and Sally told you they do the internal audit work (consulting) for your sister company, AAA Company. Lets say they are incorporated as B&S Consulting. They also told you that XYZ Registrar does the registration audit for AAA. Did they say that they, personally, do the registration audit for AAA?

If Bob and Sally are contractors with XYZ, they are free to consult with AAA if they are not representing XYZ in that transaction. If XYZ is also assigning them to do the registration audit for AAA, then there is a conflict. Most likely AAA contracts with B&S Consulting for internal audits and XYZ Registrar for registration audits. That is fine as long as Bob and Sally do not conduct both internal and registration audits for AAA.

I think that makes sense....
 
S

scoraccio

#30
Some may run parallel companies. I know Perry Johnson has Perry Johnson Registrar and Perry Johnson Consulting. They are different legal entities which gets them around the requirements noted above. Not sure if they share personnel though. It is also common in the accounting field. I worked for a CPA consulting firm, but we also had a "separate" audit firm. Same building, same partners (iirc), but two different legal entities so it was all good as far as the IRS was concerned.

Are you sure they contracts are really with the same company? It could just be they sound similar.
This is one reason Perry Johnson is not a popular name among Registrars. One reason.

Justified or not, most registrars I work with/for bristle at the name.
 
Thread starter Similar threads Forum Replies Date
Coury Ferguson Should a Registrar write a NC on something that was found during the Internal Audit Registrars and Notified Bodies 138
tony s Let the Registrar audit the Internal Audit process Internal Auditing 45
Marc Conducting Internal Audits vs. Third Party (Registrar) Audits Internal Auditing 11
Marc Internal Audit Findings and the Registrar Internal Auditing 5
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G 0 non conformities in registrar audits over 4 years Management Review Meetings and related Processes 12
M Do AS9100 Registrar Auditors have nonconformity quotas? General Auditing Discussions 18
J Conflict of Interest Registrar/Notified Body/Testing House Quality Manager and Management Related Issues 4
R Change Notification - Registrar vs Notified body ISO 13485:2016 - Medical Device Quality Management Systems 1
Robert Stanley Which Registrar Should I Choose for ISO 9001:2015 registration? Registrars and Notified Bodies 10
E Choosing an ISO 9001 registrar with auditors familiar with our industry Registrars and Notified Bodies 10
L Audit boundaries - Is a Registrar permitted to audit a company's QMS by visiting their suppliers? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 26
Jen Kirley Is your registrar (CB) accredited? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 9
K Seeking ISO 13485 Registrar Recommendations Registrars and Notified Bodies 15
P Notify Registrar of Escalation letter IATF 16949 - Automotive Quality Systems Standard 1
M New AS9100 Registrar - Recommendations for Transfer Registrars and Notified Bodies 3
M Notifying Registrar of Significant QMS changes ISO 13485:2016 - Medical Device Quality Management Systems 2
A ISO 9001:2015 registrar Auditor requesting copies of procedure prior to audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
N Does anyone know a registrar that offers both ISO 9001 and ISO 17020? Registrars and Notified Bodies 6
S Certification Body, Registrar, Notified Body - What is the difference? Registrars and Notified Bodies 3
1 ISO Registrar with waste water treatment experience Registrars and Notified Bodies 1
D How can a company transfer their AS certificate from a suspended AS91XX registrar? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
P Delay in IATF 16949 Certification from Registrar Registrars and Notified Bodies 10
M Should Potential Customer Complaint Outcome Define Registrar NC Rating? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Q Is a Domain Registrar a Critical Supplier? ISO 13485:2016 - Medical Device Quality Management Systems 11
F Which Medical Device Standard Registrar would you recommend? CE Marking (Conformité Européene) / CB Scheme 5
WCHorn Transfering certificate from Registrar "A" to Registrar "B" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
W Registrar Practices - Audit Plan with Scope, Dates/Times, etc. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
D Breach of Contract from Registrar (Auditor Payment Issue) Registrars and Notified Bodies 18
V Under what circumstances will a Registrar Audit a Company? (ISO 13485 - Canada) Canada Medical Device Regulations 5
M Contacting a "Must Use" (aka Sole Source) Supplier's Registrar Supplier Quality Assurance and other Supplier Issues 6
C Registrar Charges Per CAR Written Registrars and Notified Bodies 18
Q Supplier evaluation for registrar? Registrars and Notified Bodies 2
A AS9100 Registrar Expense Report Practices Registrars and Notified Bodies 3
M Answered; Registrar Dropped ISO 14971 Certification Program; What Now? ISO 14971 - Medical Device Risk Management 4
R Registrar Annual Management Fee Registrars and Notified Bodies 4
L Registrar Audit Report Length General Auditing Discussions 6
A AATT Aerospace Auditor Requirements for an AS9100 Registrar AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
E Consultant Person who implemented ALSO the Registrar Auditor? Consultants and Consulting 17
L Registrar Audit Scope and Limits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
B TS 16949 Auditor Availability and Registrar Scheduling Delays Registrars and Notified Bodies 4
S QSB+ revoked - Notify registrar, what's next? Customer and Company Specific Requirements 3
P Which TS 16949 registrar do you use? Registrars and Notified Bodies 4
V Our Registrar has been Suspended AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
A Looking for an ISO 9001 Registrar in Bucks County, PA, USA Registrars and Notified Bodies 2
N Second Registrar Visit to Confirm Major Nonconformances Fixed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
T Registrar Gap Assessments AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M How to find a Good Registrar (Certification Body) for ISO TS 16949 certification Registrars and Notified Bodies 3
S Which is the "Best" Registrar Accreditation Body? Registrars and Notified Bodies 3
R "Use of Registrar's Logo" question ISO 13485:2016 - Medical Device Quality Management Systems 5

Similar threads

Top Bottom