Are you documenting Internal Audit findings as NCRs?

dubrizo

Involved In Discussions
#1
Hi Covers,

I had a conversation the other day where the individual told me that they don't open CARs or any other formal report for Internal Audit findings.

Is this normal? Throughout my short career in Quality, thus far I have always documented and tracked Internal Audit Findings on NCRs/CARs.
 
Elsmar Forum Sponsor

howste

Thaumaturge
Super Moderator
#2
Re: Are you documenting findings as NCRs?

No, that's not normal if the findings are nonconforming. In ISO 9001 corrective actions are required to be taken for nonconforming conditions. Also the results of the audits need to be reported to relevant management, which would be difficult if they are not recorded.
 

normzone

Trusted Information Resource
#3
Re: Are you documenting findings as NCRs?

Some folks do, some folks don't. I prefer to log all internal audit nonconformances as corrective actions - it's difficult enough sometimes to get people to get off the dime and do their homework assignments. Managing it all in one system with visibility is the most effective approach for me.
 

Marcelo

Inactive Registered Visitor
#4
A NC does not necessarily need a corrective action. So directly putting it into a CAR is weird.

A NC should go to a NC evaluation process, and one of the results could be the need for a CA. Another result, for example, could be that only a correction is necessary, not a CA.
 

dubrizo

Involved In Discussions
#5
So far it seems like there are opinions of varying degrees. Perhaps I can expound a little and y'all can provide feedback.

The IA finding was that particular reports were not being filed at the conclusion of an individuals attendance of an outside training or conference. Per the internal procedure, a report was to be completed and submitted. It was found that this was not happening at all... a complete failure to comply with the internal standard.

My thoughts:

A finding should go into the IA report, and a Corrective Action should be initiated for proper tracking, documentation, and records (per ISO:9001.)

Thoughts? Opinions? Life Lessons? Words of Wisdom?
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
That sounds like a nonconformance to me. :agree: I would absolutely manage it and record it as per procedure - in which presume you mention this tool as a kind of infrastructure?

I usually see an NCR system used for 1st, 2d and 3rd party audit nonconformities; some people use the same system for Opportunities for Improvement that they decide to treat as preventive actions. The NCR systems are sometimes also used for customer complaints, and why not?

What I often don't see is the tool's functional capabilities leveraged as a mini project management tool for things the system members find they want to improve internally, that is without the trigger of being a finding of some kind. That is understandable if the system makes it awkward to sort out such actions for reporting purposes, but it still seems unfortunate, a missed opportunity.
 

somashekar

Staff member
Super Moderator
#7
So far it seems like there are opinions of varying degrees. Perhaps I can expound a little and y'all can provide feedback.

The IA finding was that particular reports were not being filed at the conclusion of an individuals attendance of an outside training or conference. Per the internal procedure, a report was to be completed and submitted. It was found that this was not happening at all... a complete failure to comply with the internal standard.

My thoughts:

A finding should go into the IA report, and a Corrective Action should be initiated for proper tracking, documentation, and records (per ISO:9001.)

Thoughts? Opinions? Life Lessons? Words of Wisdom?
An IA finding is a NC situation. NC situation can be encountered in all processes and they must be addressed. Some processes have a defined method of addressing like for example the customer complaint or a supplier NC. In the same way an audit finding written up becomes a IA NCR. All NCR go through the same flow down, in investigation to assess the root cause, the root cause determination, correction, evaluating the need for CA, the CA, the CA implementation and then monitoring the CA effectiveness.....
 

RoxaneB

Super Moderator
Super Moderator
#8
My experience has been put to place it into one system. The Nonconformance Report had sections for corrections or corrective action based on the nature of the incident. At least this way there was one tracking tool, one system, one language.
 

Marcelo

Inactive Registered Visitor
#9
So far it seems like there are opinions of varying degrees. Perhaps I can expound a little and y'all can provide feedback.

The IA finding was that particular reports were not being filed at the conclusion of an individuals attendance of an outside training or conference. Per the internal procedure, a report was to be completed and submitted. It was found that this was not happening at all... a complete failure to comply with the internal standard.

My thoughts:

A finding should go into the IA report, and a Corrective Action should be initiated for proper tracking, documentation, and records (per ISO:9001.)

Thoughts? Opinions? Life Lessons? Words of Wisdom?
First thing to do: how to treat the NC? Some action needs to be done. Some possible actions (there can be more, these are just examples):
- complete and submit all missing reports
- change the internal procedure to not require those anymore


Then, you need to verify if corrective action is needed. This is done by analyzing the root cause of the NC. Depending on your conclusion of the root cause, you may or may not need to escalate to a CA.
 

ScottK

Not out of the crisis
Staff member
Super Moderator
#10
what you call it is semantics and depends on your systems and how they are written.
But any way you slice it the findings need to be reported and acted upon.
 
Thread starter Similar threads Forum Replies Date
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
S Documenting Design Verification Test Results (ISO 9001) Design and Development of Products and Processes 1
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
M Defining and Documenting Record Retention CE Marking (Conformité Européene) / CB Scheme 5
J Documenting a Calibration Interval Extension Calibration Frequency (Interval) 7
B Documenting hardware on Form 2 of AS9102 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
bryan willemot Documenting past problem history for fasteners for AS9100 Rev D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Q Documenting Customer Complaints (Records) Customer Complaints 6
R Documenting Expiration Date Extension for a specific lot ISO 13485:2016 - Medical Device Quality Management Systems 12
J ISO 13485:2016 Section 6.2 - Documenting the process for establishing competence ISO 13485:2016 - Medical Device Quality Management Systems 6
S Does IEC 62304 require documenting unresolved anomalies for all safety classes? IEC 62304 - Medical Device Software Life Cycle Processes 4
C Documenting Cleaning Production Lines in Medical Device Pkg facility ISO 13485:2016 - Medical Device Quality Management Systems 1
C Documenting Cleaning Production Lines in Medical Device Pkg facility 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
C Documenting Cleaning Production Lines in Medical Device Pkg facility 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
L Problems while documenting the SOUPs used for the software we are developing IEC 62304 - Medical Device Software Life Cycle Processes 4
R Documenting Self-Training and Effectiveness - ISO 13485:2016 Training - Internal, External, Online and Distance Learning 4
C Documenting Software Safety Classifications IEC 62304 - Medical Device Software Life Cycle Processes 4
B Approaches to Documenting an ISO 22000 FSMA Food Safety - ISO 22000, HACCP (21 CFR 120) 3
G Process for Product Safety - Ideas for Documenting Process for 4.4.1.2 IATF 16949 - Automotive Quality Systems Standard 3
M What is the value of documenting in-process rework for easily-detectable issues? Quality Manager and Management Related Issues 4
R What is the typical industry standard for documenting Usability Risk? Human Factors and Ergonomics in Engineering 16
C Importance of Documenting NCP's and CA/PA's ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
D Documenting Meetings through Meeting Minutes or a Form ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Colin Objectives Form - Format for Documenting Information Security Objectives IEC 27001 - Information Security Management Systems (ISMS) 2
O Documenting Processes requiring Customer Notification Misc. Quality Assurance and Business Systems Related Topics 2
M Documenting Vendor (Supplier) Issues Document Control Systems, Procedures, Forms and Templates 4
V Documenting Exceptions and use of Deviation Request Form APQP and PPAP 2
K AS9100 Clause 7.2.2 - Documenting "Special Requirements" and risks AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K Competence, Training and Awareness - Documenting Training and Confidentiality Aspects ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q Documenting the Review of Adverse Effects from Rework ISO 13485:2016 - Medical Device Quality Management Systems 4
A Formal Way for Documenting Design Input Requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
A Documenting 5S Guidelines in the Sales Department (Office 5S) Quality Tools, Improvement and Analysis 4
C Training Planning - Using Summary Sheet for Documenting Training Activities Training - Internal, External, Online and Distance Learning 3
J Requirements for Documenting Lifetime of a Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 5
A Best Practice for Documenting Design Reviews 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 13
F Documenting Historical Preventive Action at a Daycare Preventive Action and Continuous Improvement 20
N Documenting Medical Device Complaints 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
R Documenting Quality Inspections - Material Released prior to Lot Acceptance Quality Manager and Management Related Issues 10
V Approach towards defining/documenting Requirements COTS vs. New-Product Software Quality Assurance 1
Crusader New Documenting Methods for Manufacturing Process Audits? Process Audits and Layered Process Audits 9
M Documenting an outsourced process - Distribution company with some manufacturing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
P Process Map vs. User Guide - Documenting business procedures Process Maps, Process Mapping and Turtle Diagrams 3
T Documenting Effectiveness of Corrective/Preventive Action Nonconformance and Corrective Action 8
M Customer Format - Documenting Customer Software Requirement Specification and DDD Software Quality Assurance 10
D Documenting Machine Shop In-Process Checks Records and Data - Quality, Legal and Other Evidence 9
Crusader Continuous Improvements - How are you documenting them? Preventive Action and Continuous Improvement 66
R Documenting Processes such as Receiving Inspection, and Auditing to Turtle Diagrams Process Maps, Process Mapping and Turtle Diagrams 20
Gert Sorensen Requirement for specified agendas and meeting minutes when documenting projects? Document Control Systems, Procedures, Forms and Templates 2
A Submit a 510(k) to an existing device vs. Just Documenting a Change ISO 13485:2016 - Medical Device Quality Management Systems 2
D Documenting Revision History - Single ?Revision Record? Document Document Control Systems, Procedures, Forms and Templates 4

Similar threads

Top Bottom