Section 2.2 of the PCI Validation Requirements for Qualified Security Assessors (QSA) v. 1.1 calls for "auditor independence" within the QSA program precisely to avoid the type of conflict of interest that you are worried about. In discussing this issue with others in the industry, it is generally accepted that policies be put into place that mandate a separation of duties between QSA auditors and QSAs, or other individuals within a QSA-certified company who provide remediation support.
Related Q&A from John Kindervag