When audit NC requires only correction
- Thread starter Jane's
- Start date
I have never seen that done. I have always used an 
Sure - it's up to the auditor and his organization's policies.
It's still pretty standard practice that if a one-off finding is corrected by the time of the closing meeting it won't count as a finding... whether the auditor makes you follow the full corrective action process is up to them and they would likely make that judgement base on potential risk.
If it's really super simple, like a page missing from a printed document where the pdf version is whole, I would let that go with just a correction... unless I saw a second instance.
It's still pretty standard practice that if a one-off finding is corrected by the time of the closing meeting it won't count as a finding... whether the auditor makes you follow the full corrective action process is up to them and they would likely make that judgement base on potential risk.
If it's really super simple, like a page missing from a printed document where the pdf version is whole, I would let that go with just a correction... unless I saw a second instance.
Jane's
Involved In Discussions
The NC is minor by definition and calculated risk is low due to low occurrence and high detection, but the issue itself is maybe not minor per se. My problem is that:
- there is no other occurrence of a similar NC,
- the NC precedes me (the content which contains an error was written by the former staff), and
- we already have a mechanism in place to prevent this from happening again - compliance with applicable standards and regulatory requirements is required throughout our processes. The NC was that retention time for certain records was set to be shorter than that required by the EU regs.
I'm not sure how this is a minor NC. Your company is already required, including by applicable regulations, to comply with regulations. If you are not complying, this is a very serious NC. Why did this happen? Why were your system not complying with something. It should? Did anyone check compliance with all applicable regulatory requirements? If so, why the person did not note this? How many more regulatory requirements is the company not complying with?
Doing something that you should already be doing (as mentioned, this is already required by the standard and by the applicable regulations) is not something that controls the risk, and I don't see how it will prevent this from happening again as the NC itself already is a case of this not happening.
What type of audit is it? External? Internal? When people answer, without knowing this information, it becomes very difficult to provide an accurate, "quality" answer.
Jane's
Involved In Discussions
I agree with you that severity of the NC is high and that is how we evaluated it too, but this is still a minor NC. For all I know, that could have been a typo showing 3 where it should have been 5 in the table which specifies the records retention time. As i said, this was established by former staff, so i can't ask them what happened or re-train them or whathave you.
Note that a major NC/QMS breakdown would be not having any requirement for records retention. How do we know other EU req's are met? We completed the essential requirements checklist, Annex I (we are class II, so self-declared).
I am not sure I understand what you are saying in this paragraph, but I appreciate the effort.
@AndyN: It's an external. I know, i'm feeling pretty brave just talking about it
Last edited:
Most external auditors look at things as if they are an "iceberg" - by which I mean the auditor thinks "If I found it, it must be that there's much more below the surface". That's instead of them taking time to understand how systemic the issue is. So, they treat everything as if root cause is needed instead of allowing things to be corrected...
