IATF 16949 - What to do if external auditor won't accept our root cause?

[DariusPlumdon]

We had a few minor NCs raised in our recent IATF16949 external audit; all the findings were fair.

We have responded in full (in the CARA system) with containment plan, 5Y analysis root cause, proof of implementation etc. The same way we have done for the past 10 years plus with no issue.

The external auditor has now responded basically saying that he will not accept our root cause as it is not what he thought the root cause should be!

Any ideas as to how to proceed with this ... as our auditor is not a great listener (that is being very generous) and has already pushed back on this.

To be clear the auditor is not questing the semantics or of our 5Y relationship; they just do not understand or will not accept that the real root cause is correct.

As things stand the only thing I can do is use the root cause they want us to, reverse engineer a fictitious 5Y & 'create' evidence to satisfy and close the audit; which to me defeats the whole ethos and point of a good audit*

*I must stress we have already taken good corrective actions to improve things based on the genuine/real root cause

 

[Sidney Vianna]

Any ideas as to how to proceed with this ... as our auditor is not a great listener (that is being very generous) and has already pushed back on this.

You can ALWAYS escalate the issue to someone in a technical management position at the CB. The auditors report to a person in that type of capacity and when they overstep their authority, somebody has to keep them grounded.

 

[Randy]

The external auditor has now responded basically saying that he will not accept our root cause as it is not what he thought the root cause should be!

Any ideas as to how to proceed with this ... as our auditor is not a great listener (that is being very generous) and has already pushed back on this.

Doesn't matter what he thinks, it's what you've identified. Do as suggested, contact the CB and request the person not darken your door again. A large portion of being a good auditor is #1 being a good listener, #2 being flexible and looking from the client's perspective (go to their side of the table)

 

[Ashland78]

You can ALWAYS escalate the issue to someone in a technical management position at the CB. The auditors report to a person in that type of capacity and when they overstep their authority, somebody has to keep them grounded.

This is how the sanctioned interpretations have come about. Someone not understanding.

 

[Ashland78]

We had a few minor NCs raised in our recent IATF16949 external audit; all the findings were fair.

We have responded in full (in the CARA system) with containment plan, 5Y analysis root cause, proof of implementation etc. The same way we have done for the past 10 years plus with no issue.

The external auditor has now responded basically saying that he will not accept our root cause as it is not what he thought the root cause should be!

Any ideas as to how to proceed with this ... as our auditor is not a great listener (that is being very generous) and has already pushed back on this.

To be clear the auditor is not questing the semantics or of our 5Y relationship; they just do not understand or will not accept that the real root cause is correct.

As things stand the only thing I can do is use the root cause they want us to, reverse engineer a fictitious 5Y & 'create' evidence to satisfy and close the audit; which to me defeats the whole ethos and point of a good audit*

*I must stress we have already taken good corrective actions to improve things based on the genuine/real root cause

I responded below but please keep in mind that the auditors have their ID attached to every result and question answered now. In years past, many were paying for registration but not truly being audited.

That being said, a pet peeve of mine is blaming it on the operator or training. That is weak only in my opinion, I am not a 3rd party auditor though. Did you include a technical root cause and a managerial root cause, if you provide both, they typically won't question.

The sanctioned interpretations are based off of situations like yours from what I understand. Challenge it and see how it goes.

 

[SeanN]

Before escalating the issue, with a buy-in attitude, try to understand why he thinks your 5Ys are incorrect.
Sometimes, insights from outsiders are worthy and help us to think out of the box ("the same way ... for the past 10 years plus"). Try to explore and "exploit" their expertise. Most of not-great listeners tend to be great speakers, so he will likely tell you why he believe so. And we can usually learn, something, from external assessors. If he seems to be over-confident, it may also mean he is very experienced in that particular point.
Don't simply create fictitious 5Ys & evidence to satisfy him and close the audit. There may be more than one root cause?

 

[Randy]

Most of not-great listeners tend to be great speakers, so he will likely tell you why he believe so.

It doesn't matter why or what he believes so, it's just what is or isn't.

If he seems to be over-confident, it may also mean he is very experienced in that particular point.

It may also mean he knows what he can get away with

Darius you take the path you think is best for you, but understand, Sidney gives pretty good advice, he's been in the CB business forever and a day, and he knows.

I on the other hand do nothing but 3rd party CB audits, that's it for a long time now, just audit, so I speak from my side of the table. You're methods are your methods, I can't say that they are wrong, no way, no how, all I can do is identify whether that are effective or not in their application. If your auditor is doing more than that, then he's lost objectivity and impartiality and needs to take a hike.

 

[Sidney Vianna]

Before escalating the issue, with a buy-in attitude, try to understand why he thinks your 5Ys are incorrect.
Sometimes, insights from outsiders are worthy an

In this day and age of communicating via web portals, it is hard to gain insight. Reading the original post, it is clear from the poster’s perspective that the CB auditor has some form of pre-established root cause. And don’t accept a different one. While it is part of the auditors job to ensure a robust and effective RCA that enables a meaningful corrective action, assuming the organization has done an honest effort towards digging the systemic cause for the problem, the auditor cannot impose his/her opinion and pre-established root cause. That would be a conflict of interest.

If the organization has done a serious effort, the auditor should accept and remember that during the next surveillance visit, there will be an opportunity to assess if the problem has been resolved or not. If not, the minor can be escalated into a major and decertification proceedings triggered, if the IATF maintained their protocols for NC management.

If an organization does lip service to RCA, there should be plenty of evidence that corrective actions are ineffective and lingering problems abound.

 

[DariusPlumdon]

Thank you for multiple answers.

With regarding to the 'Sanctioned Interpretations' ironically that is probably part of the problem; in that there was a SI in the past couple of years that has been woefully mis-understood by many auditors, and hence it is now one of the 'most popular' causes for findings to be raised against in the IATF rankings! This is paraphrasing someone quite senior at a certification body different to the auditor we are using, apparently this is on the IATF radar.

With any audit we greatly value external input, as it is a fresh pair of eyes with industry experience, we NOT against change, but only to add value

We have had our 5Y looked at by experts in the QMS team, and independently by the Quality Team, and again by an external person; they have suggested some re-phrasing, but fundamentally agree that what we have is good (if not very good) 5Y leading to in our case a single root cause ... I appreciate at times there can be more than one root cause, but in this case there is a clear single root cause. As I wrote originally the actual finding is a 'fair cop', our issue is taking the correct action based on the REAL root cause to fix this.

Again I stress we have already taken the time to do the 5Y, take the corrective action & verify it works ... the issue is not how to fix, it is how to get the auditor to accept a fix that is not how he personally thought it should be done.

Thankfully this is the final audit with this auditor, under IATF rules we have to change next year, that is why with a VERY heavy heart I think we may end up fabricating evidence for the CARA system, knowing we will not have this auditor ever again.

The reply about being a good speaker but not a good listener is alas not true; the person just does not want to engage; to the extent that he has now put in writing 'you have had enough of my time, I will now invoice you for each email/question you ask' .... before you ask, yes we have gone back to the certification body he is a contracted to (he is self-employed contractor to them) to 'highlight' this, we are awaiting their response.

I remember from my training 20+ years ago they highlighted where the term 'audit' comes from in Latin (Auditus). and how the key to being a competent or good auditor is to be able to listen; that is our problem, our auditor will not listen, therefore he does not understand, it is like trying to argue nuclear physics with a 3 years old who is convinced they know more that you :-(

I do NOT like blaming auditors, in 20 years plus I have only some across 3 rotten auditors including this guy; of the previous one was 'asked to take earlier retirement' & the other 'asked to pursue other opportunities'. I have no doubt something similar will happen again here as he thinks he can get away with it (as someone replied earlier), but eventually he will be caught out ... but my/our issue is passing this audit.

Thank you for all your inputs

 

[DariusPlumdon]

I responded below but please keep in mind that the auditors have their ID attached to every result and question answered now. In years past, many were paying for registration but not truly being audited.

That being said, a pet peeve of mine is blaming it on the operator or training. That is weak only in my opinion, I am not a 3rd party auditor though. Did you include a technical root cause and a managerial root cause, if you provide both, they typically won't question.

The sanctioned interpretations are based off of situations like yours from what I understand. Challenge it and see how it goes.

Annoying point is he responds through email, not using CARA (as per IATF 5th edition rules)!