Are you documenting Internal Audit findings as NCRs?

[dubrizo]

Hi Covers,

I had a conversation the other day where the individual told me that they don't open CARs or any other formal report for Internal Audit findings.

Is this normal? Throughout my short career in Quality, thus far I have always documented and tracked Internal Audit Findings on NCRs/CARs.

 

[howste]

Re: Are you documenting findings as NCRs?

No, that's not normal if the findings are nonconforming. In ISO 9001 corrective actions are required to be taken for nonconforming conditions. Also the results of the audits need to be reported to relevant management, which would be difficult if they are not recorded.

 

[normzone]

Re: Are you documenting findings as NCRs?

Some folks do, some folks don't. I prefer to log all internal audit nonconformances as corrective actions - it's difficult enough sometimes to get people to get off the dime and do their homework assignments. Managing it all in one system with visibility is the most effective approach for me.

 

[Marcelo]

A NC does not necessarily need a corrective action. So directly putting it into a CAR is weird.

A NC should go to a NC evaluation process, and one of the results could be the need for a CA. Another result, for example, could be that only a correction is necessary, not a CA.

 

[dubrizo]

So far it seems like there are opinions of varying degrees. Perhaps I can expound a little and y'all can provide feedback.

The IA finding was that particular reports were not being filed at the conclusion of an individuals attendance of an outside training or conference. Per the internal procedure, a report was to be completed and submitted. It was found that this was not happening at all... a complete failure to comply with the internal standard.

My thoughts:

A finding should go into the IA report, and a Corrective Action should be initiated for proper tracking, documentation, and records (per ISO:9001.)

Thoughts? Opinions? Life Lessons? Words of Wisdom?

 

[Jen Kirley]

That sounds like a nonconformance to me. I would absolutely manage it and record it as per procedure - in which presume you mention this tool as a kind of infrastructure?

I usually see an NCR system used for 1st, 2d and 3rd party audit nonconformities; some people use the same system for Opportunities for Improvement that they decide to treat as preventive actions. The NCR systems are sometimes also used for customer complaints, and why not?

What I often don't see is the tool's functional capabilities leveraged as a mini project management tool for things the system members find they want to improve internally, that is without the trigger of being a finding of some kind. That is understandable if the system makes it awkward to sort out such actions for reporting purposes, but it still seems unfortunate, a missed opportunity.

 

[somashekar]

So far it seems like there are opinions of varying degrees. Perhaps I can expound a little and y'all can provide feedback.

The IA finding was that particular reports were not being filed at the conclusion of an individuals attendance of an outside training or conference. Per the internal procedure, a report was to be completed and submitted. It was found that this was not happening at all... a complete failure to comply with the internal standard.

My thoughts:

A finding should go into the IA report, and a Corrective Action should be initiated for proper tracking, documentation, and records (per ISO:9001.)

Thoughts? Opinions? Life Lessons? Words of Wisdom?

An IA finding is a NC situation. NC situation can be encountered in all processes and they must be addressed. Some processes have a defined method of addressing like for example the customer complaint or a supplier NC. In the same way an audit finding written up becomes a IA NCR. All NCR go through the same flow down, in investigation to assess the root cause, the root cause determination, correction, evaluating the need for CA, the CA, the CA implementation and then monitoring the CA effectiveness.....

 

[RoxaneB]

My experience has been put to place it into one system. The Nonconformance Report had sections for corrections or corrective action based on the nature of the incident. At least this way there was one tracking tool, one system, one language.

 

[Marcelo]

So far it seems like there are opinions of varying degrees. Perhaps I can expound a little and y'all can provide feedback.

The IA finding was that particular reports were not being filed at the conclusion of an individuals attendance of an outside training or conference. Per the internal procedure, a report was to be completed and submitted. It was found that this was not happening at all... a complete failure to comply with the internal standard.

My thoughts:

A finding should go into the IA report, and a Corrective Action should be initiated for proper tracking, documentation, and records (per ISO:9001.)

Thoughts? Opinions? Life Lessons? Words of Wisdom?

First thing to do: how to treat the NC? Some action needs to be done. Some possible actions (there can be more, these are just examples):
- complete and submit all missing reports
- change the internal procedure to not require those anymore


Then, you need to verify if corrective action is needed. This is done by analyzing the root cause of the NC. Depending on your conclusion of the root cause, you may or may not need to escalate to a CA.

 

[ScottK]

what you call it is semantics and depends on your systems and how they are written.
But any way you slice it the findings need to be reported and acted upon.