Ryan, Dmitris thanks for your comments.From the harmonisation point of view we need a simplified model that helps us to compare (map) two different conformity assessment bodies: accreditation bodies (NABs) and certification bodies (CABs).Let’s focus on NABs.ISO/IEC 17011 sets out the following requirements for accreditation bodies and the process of accreditation:1) accreditation body requirements;2) management requirements;3) human resource requirements;4) accreditation process requirements;5) requirements for responsibilities of the accreditation body and the CAB. Looks like some jurisdictions (instead of accreditation) use an alternative system where a single membership organisation (like CPA Canada ?) whose accreditation is based on so called peer assessment. The relevant standard here is ISO/IEC 17040 which contains:1) structural requirements;2) human resource requirements;3) information and documentation;4) peer assessment process requirements;5) confidentiality requirements,)6) complaints handling requirements;7) guidance on financial aspects, assessment techniques for use by peer assessment teams and information to be included in the peer assessment report.As both approaches have the same goal and similiar results (accredited CABs), one way of harmonisation could be a minimal set of requirements so that both approaches become acceptable irrelevant to their underlying organisational complexities. Obviously we can do this with active participation of CABs.Thanks,M.D.Sent from my Galaxy -------- Original message --------From: Ryan Sleevi <[email protected]> Date: 4/6/22 15:56 (GMT+02:00) To: Dimitris Zacharopoulos <[email protected]> Cc: Ryan Sleevi <[email protected]>, "[email protected]" <[email protected]> Subject: Re: Policy 2.8: MRSP Issue #219: Require ETSI auditors to be ACAB-c members On Wed, Apr 6, 2022 at 1:43 AM Dimitris Zacharopoulos <[email protected]> wrote: I was mainly trying to highlight some known differences between CPA Canada and NABs. In practice, can you please confirm whether CPA Canada performs audit reviews against their licensed practitioners, and if so, how frequently? As I explained, NABs actually review/assess audit cases of CAs performed by their CABs on an annual basis.Right, and my explanation was to try to capture that the NAB/CAB review is to a different goal, and purpose, so it's not really a comparison you can make, because they're seeking to achieve different results, following different processes.In the context of WebTrust licensing, the WebTrust team at CPA Canada would perform a review prior to the issuance of a seal to a licensee. So, in one sense, "every" report is being reviewed. However, you can't directly compare this to what the NAB is doing for the CABs, and using a term like "audit review" may be confusing without understanding the nuanced model of the approaches and differences with WebTrust (/IFAC/CPA Canada/AICPA) and ETSI (/EA/NAB/CAB). The NAB review of the CAB is not necessarily a quality review towards the particular goals of a consumer of a particular audit report (i.e. it's not a quality-control review, like WebTrust), but rather, closer to a professional conduct review (e.g. against ISO CASCO's work). This should be clear in looking at the role the Supervisory Body performs with respect to reviewing the CARs from CABs, and how that's a functionally different step and goal than the NAB assessment.
-- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAErg%3DHGzsHavnoGrZ%2B%3Dp39fBwZR1u3HrZBQe%2BRDE%3D%2BZEj054Aw%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/624e2b17.1c69fb81.4d57d.a840%40mx.google.com.
