Hello, first post but long-time reader of other posts, please be gentle 
For many years now I've been developing internal audit Programs for MRO's in Australia and I've generally accepted that there is not 'clean' way to cover all Internal Audit requirements that come from AS9110 (i.e. think process approach and risk-based) and Part 145 (in our case CASA/DASA but not wildly dissimilar to EASA).
The regulatory side does not care about processes, it wants us to audit our exposition and procedures (including sampling product) in entirety each 12 months, as they've been approved by the regulator. The exposition is also not written in a process approach. AS9110C allows for the risk-based approach and you can spread audit frequency out over multiple years based on priority of risk.
This to me creates a conundrum, because AS9110 is designed to supplement/complement Part 145 yet the regulations contradict the AS9110 requirements for internal audit frequency. I'm aware that AS9110 states that the regulations take precedence, however; there is additional content in AS9110 to audit (i.e. objectives, management review, context of the organisation etc.).
My question to the brains trust:
Is there a 'best practice' approach to merging all audit requirements of Part 145 and AS9110 into a nicely packaged audit program, whereby you're not duplicating effort and you're able to use standardised audit checklists that cover all requirements? I'm very interested in learning from anyone who has achieved a good level of success in the MRO internal audit environment.
*Note: I'm aware of many resources online that promise to cover AS internal audit but they are all born out of the AS9100 and the manufacturing environment, which in my view is much more achievable for internal audit when compared to MRO.
Thank you
For many years now I've been developing internal audit Programs for MRO's in Australia and I've generally accepted that there is not 'clean' way to cover all Internal Audit requirements that come from AS9110 (i.e. think process approach and risk-based) and Part 145 (in our case CASA/DASA but not wildly dissimilar to EASA).
The regulatory side does not care about processes, it wants us to audit our exposition and procedures (including sampling product) in entirety each 12 months, as they've been approved by the regulator. The exposition is also not written in a process approach. AS9110C allows for the risk-based approach and you can spread audit frequency out over multiple years based on priority of risk.
This to me creates a conundrum, because AS9110 is designed to supplement/complement Part 145 yet the regulations contradict the AS9110 requirements for internal audit frequency. I'm aware that AS9110 states that the regulations take precedence, however; there is additional content in AS9110 to audit (i.e. objectives, management review, context of the organisation etc.).
My question to the brains trust:
Is there a 'best practice' approach to merging all audit requirements of Part 145 and AS9110 into a nicely packaged audit program, whereby you're not duplicating effort and you're able to use standardised audit checklists that cover all requirements? I'm very interested in learning from anyone who has achieved a good level of success in the MRO internal audit environment.
*Note: I'm aware of many resources online that promise to cover AS internal audit but they are all born out of the AS9100 and the manufacturing environment, which in my view is much more achievable for internal audit when compared to MRO.
Thank you
