AS9100 - No NCR's or CA's during Stage 2 Audit

K

kjoberk

Hey all -- we made it through our stage 2 audit...with flying colors apparently.

Our auditor didn't write up any NCRs for our company, despite the fact that he said we had at least two that we needed to take care of...well, three, but one of them was more of a "make sure you do this better" since we had only been using the system for a few months.

Which confuses and kind of irritates me....they're both supposed to be used to improve our practices and our system and I feel like we were kind of short changed.

Our auditor also didn't upload any of our audit documents for almost three weeks (a few days shy of) due to "oasis problems" is what I was told by my registrar company. So I'm wondering if he just nixed the ncrs because he was behind? It's great that we didn't need to correct anything, but I feel really lousy about it. I put my heart and soul into this and walked into the audit knowing it wasn't perfect...

Additionally, all I talked about for the week after the audit was a good game plan for what we wanted to do with these ncrs and now that we don't have any, and I've been made the unofficial management rep while we're taking care of some internal things, I feel like my credibility is ruined.

Is there anything I can or should do? So do I stop looking a gift horse in the mouth and take our no ncr's without looking into it?

This is really bothering me...
 

Golfman25

Trusted Information Resource
What are you nuts? Let the sleeping dog lie.

You should have had any nonconformances laid out in your closing meeting. Sounds like you had minimal compliance but could probably beef up a few things. Take the "recomendations" and decide if you want to make changes.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Is there anything I can or should do?.
How long was this audit?

Audit results should never be a guessing game. They should be clearly reported during the exit meeting. Especially to give you an opportunity to understand the findings, including any nonconformity.

Looks like you just experienced a very incompetent auditor in action. The kind of bozo the IAQG wants to rid the ICOP scheme of. You could report this to interested parties such as the accreditation bodies, the RMC, or even to the CB, but, probably, you won’t. You can always request a different auditor, but be aware you would be expected to disclose the reasons for the request.
 
K

kjoberk

How long was this audit?

Audit results should never be a guessing game. They should be clearly reported during the exit meeting. Especially to give you an opportunity to understand the findings, including any nonconformity.

Looks like you just experienced a very incompetent auditor in action. The kind of bozo the IAQG wants to rid the ICOP scheme of. You could report this to interested parties such as the accreditation bodies, the RMC, or even to the CB, but, probably, you won’t. You can always request a different auditor, but be aware you would be expected to disclose the reasons for the request.

The audit was 1.5 days long. Small company (4 employees). There was no "exit meeting" so to speak. He's the auditor for the company I work for (this was for our sister company), and he did all of the necessary things at the end of our audit (exit meeting). While he was doing the audit, he told me (I'm the project contact/manager) that he would be writing us ncr's for two different things.

Is it worth reporting this? I'm put in a weird position -- this auditor "took a shine to me" when we first met him -- I expressed interest in eventually going the consulting/auditing route and he because a "mentor" for lack of a better term. Not that I don't have other resources - I do...through this whole process, I've actually made quite a few contacts at consulting and registrar companies that will help me in the future, and I don't mind burning bridges if I need to/if it is in the best interest of the companies I work with. I've already considered reaching out to my account manager at our CB, but will it be worth it in the end? Is there a chance that my report could do something helpful to others?
 

Golfman25

Trusted Information Resource
Look, a lot of auditing is stream of consciousness -- mumbling about what they are or aren't seeing. And at a small company (4 employees), things are different. You don't need as much structure/reporting as you do in a large company. I have had auditors say "nonconformance" and then when the rubber hit the road, they changed their mind and never followed up on it. In most cases, we where in compliance, although minimally. So it really was an opportunity for improvement.

The lack of an exit meeting is a problem only in that you where not able to set in stone the results of the audit -- how many nonconformances and what they where. That he came back with zero, I'd let it go. The big issue is when the guy leaves telling you 5-6 and then comes back with 10 in the report. You're blind sided and have little chance to figure out what he is talking about (been there).

Whether or not the auditor finds a nonconformance is irrelevant to your organization. If you think there is an area for improvement (or nonconformance) fix it. It is easier to fix internally than to go through the CB process. Good luck.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Whether or not the auditor finds a nonconformance is irrelevant to your organization.
So, you obviously subscribe to the gopher-auditor approach to audits, failing to realize that, in the long run, it will always come back to bite at you in the form of the multiple, redundant, inconsistent, micro-managing, hair pulling second party audits. As the cliche' goes: be careful what you wish for, because you might get it.

ANY audit should be performed by competent people, in a professional manner. Only then, the interested parties can extract any benefit from it. Wishing the external auditors become irrelevant just adds to the problem and not the solution.
 

Marc

Fully vaccinated are you?
Leader
Golfman and Sidney both have valid points, in my opinion. Sidney (again my opinion) is a bit more idealistic - How it should be. Golfman as a bit more "I work in a company and am subjected to this".

:2cents:
 

Sidney Vianna

Post Responsibly
Leader
Admin
Just to recap the context, for those not paying attention: In the Medical Device Sector, many stakeholders are feeling a tremendous amount of pain because some Notified Bodies are letting their notification lapse not to deal any longer with Competent Authorities and, in the process, making the process for products to achieve CE-marking much more onerous and longer.

The whole CE-marking process has become much more strict and expensive. Why? Because there was a perceived lack of confidence in the work of some notified bodies, allowing unsafe products to enter the market. So, the competent authorities "cracked down" on NB's to raise their game and ensure the notification process is performed very seriously and only by competent individuals. In other words, organizations who welcomed incompetent NB personnel were complicit in weakening the confidence in the process and are now feeling the pinch to maintain the CE-marking of their products, paying much more than what they used to.

Now, let's translate that to management system certification: any effort to weaken the value of management system audits will lead to a faster demise of the whole accredited certification concept and the consequences I've already described in my previous post.

For those who love to have an incompetent 3[sup]rd[/sup] party auditor, they will have a ball dealing (again) with multiple incompetent 2[sup]nd[/sup] party auditors.
 
Last edited:

Golfman25

Trusted Information Resource
So, you obviously subscribe to the gopher-auditor approach to audits, failing to realize that, in the long run, it will always come back to bite at you in the form of the multiple, redundant, inconsistent, micro-managing, hair pulling second party audits. As the cliche' goes: be careful what you wish for, because you might get it.

ANY audit should be performed by competent people, in a professional manner. Only then, the interested parties can extract any benefit from it. Wishing the external auditors become irrelevant just adds to the problem and not the solution.

I think you missed my point. Whether our not the auditor raised the issue to the level of a non-conformance doesn't matter. If there company sees an issue it wants to fix, it can go ahead and fix with or without the auditor. I am not sure why you would drag the auditor back in when he is done and gone.
 
Top Bottom