I've been reading postings on this site and now I am facing a delima that I could use some advice on. I am fairly new to this company and have attended a few audit closing meeting, just finished one. What is getting to me and I am trying to change the practices. So here are what I don't agree with for the current practice.
1) The audit report list CAPA# for each non-conformance
2) Lead auditor is the originator of the CAPA for the non-conformances (they enter the CAPA into the CAPA system)
3) The QA manager asks me during my audit meeting if I'm going to assign a PA to one of the non-conformance that I had identified

So what do you think. I am trying to convince them that this is not a good practice since it shows a lack of indenpendent in the internal auditing system when the Auditors are deciding with others at the closing meeting that a Corrective Action or a Preventive Action is assigned to a non-conformance or observation. Any insight is greatly appreciated.

TLV

I've been reading postings on this site and now I am facing a delima that I could use some advice on. I am fairly new to this company and have attended a few audit closing meeting, just finished one. What is getting to me and I am trying to change the practices. So here are what I don't agree with for the current practice.
1) The audit report list CAPA# for each non-conformance
2) Lead auditor is the originator of the CAPA for the non-conformances (they enter the CAPA into the CAPA system)
3) The QA manager asks me during my audit meeting if I'm going to assign a PA to one of the non-conformance that I had identified

So what do you think. I am trying to convince them that this is not a good practice since it shows a lack of independent in the internal auditing system when the Auditors are deciding with others at the closing meeting that a Corrective Action or a Preventive Action is assigned to a non-conformance or observation. Any insight is greatly appreciated.

TLV

I personally don't see any problem with the current practice. As for the person generating the CA or PA being called the Lead Auditor, I don't fully understand that practice. Under normal circumstances, in my opinion, there is one Lead Auditor assigned to the Audit Team. This Lead Auditor would determine if a CA, PA, or observation would be generated. This after discussions with the Auditors and mutually acceptable decision. But overall, I don't think there is a current need to change the practice.

Could you please define a little clearer what is meant by a lack of independence of the Auditors. If we are talking about ISO9001:2000, the only requirement that I am aware of is that the Auditor cannot audit their own work.

I've been reading postings on this site and now I am facing a delima that I could use some advice on. I am fairly new to this company and have attended a few audit closing meeting, just finished one. What is getting to me and I am trying to change the practices. So here are what I don't agree with for the current practice.
1) The audit report list CAPA# for each non-conformance
2) Lead auditor is the originator of the CAPA for the non-conformances (they enter the CAPA into the CAPA system)
3) The QA manager asks me during my audit meeting if I'm going to assign a PA to one of the non-conformance that I had identified

So what do you think. I am trying to convince them that this is not a good practice since it shows a lack of indenpendent in the internal auditing system when the Auditors are deciding with others at the closing meeting that a Corrective Action or a Preventive Action is assigned to a non-conformance or observation. Any insight is greatly appreciated.

TLV

Welcome, TLV. :)

I'm not sure I'm seeing what you're objecting to. Are you saying that the lead auditor gathers audit findings and reports them, rather than having the auditors do it themselves? If that's the case, there's a possibility for things to get lost in translation, but I don't see it as a problem in itself. I also don't see what the problem might be in the QA manager asking about whether PA is going to happen. Could you explain a little bit more about your concerns?

My concern is that the internal auditor is giving direction on how to fix a non-conformance. In addition, every findings/non-conformance is being recorded into the system as a CAPA. I guess this also probably point to our weakness in our CAPA system. I forgot to clarify that we audit against ISO13485 and 21 CFR 820 (QSR). Thanks to those that replied.

TLV

Each nonconformance will indeed need its own corrective action (assuming that they are accepted) but I agree that it should be the auditee, not the auditor, who is the source of the suggested corrective action.

Before presenting the NC I think the auditor should consider what s/he would expect to be suitable action and s/he should verify that the action proposed by the auditee is appropriate (or not), along with a 'sensible' timescale for resolution and follow-up.

There may be an occasion where the auditee cannot suggest an appropriate action in which case the auditor may suggest options and/or it may go forward to others for their thoughts too.

My concern is that the internal auditor is giving direction on how to fix a non-conformance. In addition, every findings/non-conformance is being recorded into the system as a CAPA. I guess this also probably point to our weakness in our CAPA system. I forgot to clarify that we audit against ISO13485 and 21 CFR 820 (QSR). Thanks to those that replied.

TLV

There is nothing in your original post to indicate that the Lead Auditor is providing guidance on how to resolve the Corrective/Preventive Actions generated from the internal audit. If that is the case, however, I will say this...

Depending on the nature of the CAPA, sometimes the internal auditor may be the most qualified to help resolve the situation. I don't personnally don't see it as a big deal if - on the internal side - the auditor is helping the recipient of a CAPA out. Internal audits are like a double-edge sword...no one wants findings, but we'd rather find them ourselves than pay the external to find them!

How does the recording of every nonconformance discovered during the internal audit being recorded as a CAPA equate to a weakness in the system?

I'm sorry, but I honestly don't see a problem yet in your system. I'm not saying it's perfect, but we don't know all the subtle details.

Perhaps you could tell us what recommendations you would propose to your organization.

Thanks for all your feedback. Sorry, I probably didn't give enough information in my original post and there are too many details to go into. Too much in a rush. In my last post, instead of saying every non-conformance, I should have really said that small findings are listed as non-conformances. Let say 2 steps within a procedure are not followed, there would be 2 non-conformances listed in the audit report, for example non-comformance #1: inspection per SOP123 is not completed per step 2, non-conformance #2: form listed in SOP123 not completely filled in for 3 out of 6 records reviewed. Another example is non-conformance #3 - an obsolete procedure was still refrenced in SOP456. Then a CAPA is assigned to each of these non-conformance. Do you think this is OK? Am I way off base here.

TLV

Thanks for all your feedback. Sorry, I probably didn't give enough information in my original post and there are too many details to go into. Too much in a rush. In my last post, instead of saying every non-conformance, I should have really said that small findings are listed as non-conformances. Let say 2 steps within a procedure are not followed, there would be 2 non-conformances listed in the audit report, for example non-comformance #1: inspection per SOP123 is not completed per step 2, non-conformance #2: form listed in SOP123 not completely filled in for 3 out of 6 records reviewed. Another example is non-conformance #3 - an obsolete procedure was still refrenced in SOP456. Then a CAPA is assigned to each of these non-conformance. Do you think this is OK? Am I way off base here.

TLV

I don't know how mature your organization's system is, but when there are repetitive issues of similiar natures, I've typically seen an auditor "up" the nature of the finding to something more significant. In thise case, it sounds as if documented processes do not match actual practices. The examples that your provided would then serve as evidence to support the finding that is written. Root cause and an action plan could then be developed to address the larger - and more serious - issue.

However, perhaps the Lead Auditor has reasons for issuing the individual findings and you should ask him/her why s/he chose that approach before modifying the existing audit process.

Thanks for all your feedback. Sorry, I probably didn't give enough information in my original post and there are too many details to go into. Too much in a rush. In my last post, instead of saying every non-conformance, I should have really said that small findings are listed as non-conformances. Let say 2 steps within a procedure are not followed, there would be 2 non-conformances listed in the audit report, for example non-comformance #1: inspection per SOP123 is not completed per step 2, non-conformance #2: form listed in SOP123 not completely filled in for 3 out of 6 records reviewed. Another example is non-conformance #3 - an obsolete procedure was still refrenced in SOP456. Then a CAPA is assigned to each of these non-conformance. Do you think this is OK? Am I way off base here.

TLV

With this information, I would be just a little concerned on why the auditors are identifying each non-conformance as an individual finding when it really is one. For example: Procedure XYZ is not being followed in its entirety (Make sure that each finding is documented on the one...just a suggestion). But even with this information, I still feel personally there is no need at this time to change the practice.

OK, I get the picture better now. Usually, I try to group nonconformances to highlight where the system is failing. If there are 3 or 4 instances of the same form not being filled in properly, I regard that as 1 N/C - not 3 or 4.

Having said that, I normally assign each 'problem' its own corrective action rather than stick them all together. Otherwise you may have different actions, responsibilities and timescales all on the same N/C which would most likely cause confusion.

Ditto what Roxane said. :agree:

When an inspection isn't done, the CAPA should address the lack of inspection; there may be a need to look for uninspected product and figure out if any discrepant product made its way to the customer.

If a form isn't filled out all the way 1/2 half of the time, the matter isn't inspection, it's following procedures, recordkeeping or even something else, since no one seems to have figured it out yet. Even if it's the same procedure, the issue is a different one. But, as Coury has said, each of these three instances don't need their own CAPAs--the CAPAs can be assigned to more than one person if there are multiple players. But that can get a little messy looking too. Consider what closure would have to look like if you want to reduce the number of CAPAs issued enough to combine some of them.

Not following procedure is its own issue since it's a different procedure--unless perhaps it's the same process.

If an observation repeats, a CAPA should be considered for that repeat issue.

So I agree that these are individual issues and it appears they should indeed be addressed with their own CAPAs. I understand it will look like a big pile has landed with a large number of CAPAs being issued in one audit, but that's not a worthwhile consideration of whether or not to issue them.

Ok.. I should really need to change the post title to improving and not really changing the current audit practice. Your inputs have been helpful. I will continue reading other posts to get more ideas.

Ok.. I should really need to change the post title to improving and not really changing the current audit practice. Your inputs have been helpful. I will continue reading other posts to get more ideas.

It can be done by any of the Moderators, just ask. That really is a better Title improving

3) The QA manager asks me during my audit meeting if I'm going to assign a PA to one of the non-conformance that I had identified

If your audit has identified a non-conformity, then a PA is no longer applicable, any action request assigned should be CA.
PA is "Preventive Action" and you obviously cannot prevent a non-conformity which has already occurred, you can only correct it.

The PA would be applicable to actions taken in different processes where a similar occurrence may take place but hasn't. This is also known as addressing the corrective action impact across organization.

If your audit has identified a non-conformity, then a PA is no longer applicable, any action request assigned should be CA.
PA is "Preventive Action" and you obviously cannot prevent a non-conformity which has already occurred, you can only correct it.

Here is a situation I want to get some opinions on. I had a situation where one of my facilities went over the threshold for Hazardous Waste. (We generate hazardous waste as a result of chemical spill cleanup). One of the facilities went over the 2200 lb. threshold and now the EPA is requiring we status our facilites in that region as Large Quantity Generators (although, we have not done it before or since) - we have to remain at LQG status for one year. (Corrective Action - refiled appropriate paperwork - provided required training, updated contingency plans etc etc) As a result, to PREVENT the same situation from happening in another region, we are preparing documents that can be completed on the fly so a facilitiy facing the same situation could file for LQG status rather quickly and easily.

I think this is a preventative action - curious to see who agrees?

I can only give an automotive slant to this where it would fall under part of the original corrective action. TS16949 has added 8.5.2.3 Corrective action impact to the ISO 9000 requirement 8.5.2 Corrective action. 8.5.2.3 states " The organization shall apply to other similar processes and products the corrective action, and controls implemented, to eliminate the cause of a nonconformity."

I don't think it matters too much what you call it as long as you are taking action and making your system more robust.

Hi. I was a level II certified international medical device investigator for the FDA for over 2 years, and now a contract international medical device consultant for hire.

I have no problem with this practice. However, what I have a problem with is companies issuing CAPA's for every internal audit finding and non-conformance (external or internal). Contained in the audit, N/C, and complaint sections are the need to conduct corrective actions. CAPA's are for big picture items. This is why one has to conduct analyses of all CAPA source data (which includes internal audit data) to determine whether additional CAPA's need to be generated. It seems that many companies do not understand the CAPA process and get burnt when FDA walks inside- especially 21 CFR 820.100(a)(1)- analyses and (a)(4)- verification/validation of CAPA action effectiveness + action does not adversely affect the finished device.

I've been reading postings on this site and now I am facing a delima that I could use some advice on. I am fairly new to this company and have attended a few audit closing meeting, just finished one. What is getting to me and I am trying to change the practices. So here are what I don't agree with for the current practice.
1) The audit report list CAPA# for each non-conformance
2) Lead auditor is the originator of the CAPA for the non-conformances (they enter the CAPA into the CAPA system)
3) The QA manager asks me during my audit meeting if I'm going to assign a PA to one of the non-conformance that I had identified

So what do you think. I am trying to convince them that this is not a good practice since it shows a lack of indenpendent in the internal auditing system when the Auditors are deciding with others at the closing meeting that a Corrective Action or a Preventive Action is assigned to a non-conformance or observation. Any insight is greatly appreciated.

TLV

I can't imagine how I missed this one...........:lol:

I agree that it's not the responsibility of the Lead Auditor (if we're talking internal audits here) to do any of these things. IMHO you're correct, the auditors shouldn't be proposing actions, doing any admin of the CAPA database or assigning PA to anything.

Having said that, I'd want to suggest two more things that your audit program will have to assure, before you make these changes:-

a) that your audit schedule and planning involve management in the process, so that the audits address something about the operations that they can see some value in, and
b) the auditor actually report something that you management thik is worth taking action on.

Without these aspects of you audit program being fixed, I'm with the others, even though I don't agree with them.........:mg:

Here is a situation I want to get some opinions on. I had a situation where one of my facilities went over the threshold for Hazardous Waste. (We generate hazardous waste as a result of chemical spill cleanup). One of the facilities went over the 2200 lb. threshold and now the EPA is requiring we status our facilites in that region as Large Quantity Generators (although, we have not done it before or since) - we have to remain at LQG status for one year. (Corrective Action - refiled appropriate paperwork - provided required training, updated contingency plans etc etc) As a result, to PREVENT the same situation from happening in another region, we are preparing documents that can be completed on the fly so a facilitiy facing the same situation could file for LQG status rather quickly and easily.

I think this is a preventative action - curious to see who agrees?

It doesn't seem like either one - CA or PA. If you clean up other company's messes, then wouldn't the amount you generate be dependent on the amount other companies generate? The EPA assigns different levels of exemption based on the amounts you generate. When you go through a threshold, you qualify for the next level. Isn't that just how the program is supposed to work?