Auditing a Contractor in EMS and Non Conformity Report

mtespiritu

Starting to get Involved
Mabuhay! I am Ian and have been reading different posts in this site for several months now.

Please help me clarify some issues:

1. When I am auditing our contractor against a Contractor Agreement (requirement) that we have provided them related to our EMS, am I right in saying that I could have my own classification of whether the findings are OFI, minor NC or major NC? Especially since they don't have a certified EMS and even if they have, the audit scope would be based on the Contractor Agreement, right?

We have internal auditors who raised NCs with applicable ISO14001 clauses but not citing the requirements under the Contractor Agreement.

2. When I am auditing the Process owner that employs the contractor mentioned above, then I could raise the nonconformities to that particular Process owner especially if the contractor have contributed to the Department's failure to meet the EMS requirements. Right?

We have been tabulating the number of findings, especially NCs, per process owner and the process owner always says that ANY NC raised because of the contractor's actions should not credited to them.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Welcome to The Cove.
1. When I am auditing our contractor against a Contractor Agreement (requirement) that we have provided them related to our EMS, am I right in saying that I could have my own classification of whether the findings are OFI, minor NC or major NC?
As you are auditing your external source (contractor) against your own requirements, you use your process and criteria to report the findings (NC's, comments, observations, noteworthy efforts, etc...

2. When I am auditing the Process owner that employs the contractor mentioned above, then I could raise the nonconformities to that particular Process owner especially if the contractor have contributed to the Department's failure to meet the EMS requirements. Right?

We have been tabulating the number of findings, especially NCs, per process owner and the process owner always says that ANY NC raised because of the contractor's actions should not credited to them.
Any finding should be flagged to the process owner, in a way that, if correction and corrective actions are necessary, such process owner will be made accountable. As for "crediting" the nonconformity, it seems that the culture is of blame. The internal process owner does not want to be made responsible for the external supplier's problem. But was this process owner involved with the screening and selection of the supplier? Does this process owner have authority over the supplier? Sometimes, a process owner has the responsibility but very little authority over issues, including external parties.

But, first and foremost, for the system to be embraced and be an agent of change, blame should be eradicated from the culture. Otherwise, people will resist any ownership of processes.
 
Top Bottom