Audit Observations - Is there a requirement to Respond to Observations?


Fully vaccinated are you?
Staff member
Saw this. Any coments here?

From: "David Jenkins"
Newsgroups: misc.industry.quality
Subject: Registrar comments

Date: Mon, 15 Apr 2002 20:09:51 GMT
Organization: Shaw Residential Internet
Xref: sn-us misc.industry.quality:16278

Just wondering if anyone else has observed this from an auditor on an ISO
9001:2000 registration audit?

They found one minor nonconformance and made a 'comment' on three other
issues. They are trying to insist that we respond to these 'comments' as
well as the nonconformance before confirming registration. On being
challenged as to whether these comments were really 'minor or
potential-minor nonconformances' they replied no - they were justs things
they would like to see changed: they could not point to non-complience with
the standard.

I've been through a fair number of ISO audits with our clients, but have
never run across this behavior before. Anyone else seen this?

David Jenkins
White Rock BC
Elsmar Forum Sponsor

Randy Stewart

Unfortunately, yes. One of the sites I use to be responsible for received a minor during the next audit because we didn't respond to the OFI. However, 1 incident out of all the audits in the past 6 years isn't a bad percentage.


M Greenaway

I have never experienced this, and find it quite alarming.

However what you could do is document it in your CA system, conduct an investigation, come to the conclusion that you cannot identify that there is any non-compliance (which your auditor must agree with), and then close the CA with 'no-action'.

Unless of course you really want to go to war on it, in which case tell the guy to ............. off


Quite Involved in Discussions
Our Registrar does not require a response on Opportunity for Improvements. They are also not allowed to write an OFI during a registration. File a grievance with the registrar
How do you define "respond"?

All "observations" need some form of response, if only to say that nothing will be done. If that is what the registrar is looking for; evidence that you considered the observation, then great. If, on the other hand, the registrar is looking for you to “fix” the observation, then I would have an issue. If it requires “fixing” it should be a nonconformance, not an observation. If the situation is conforming, then not “fix” should be required.


Super Moderator
Super Moderator
Guess I can't say how kosher these opportunities for improvement and responses are, but here is what I have done in the past.

We have welcomed any and all observations pertaining to opportunities for improvement. We also let our registrar know that while we welcome them, we may not choose to do the exact things that the auditor is looking for, we will do what is best for us. Our registrar has never required a formal action plan for OFIs. We do (quality team members) sit down with the auditor prior to the closing meeting and discuss them. We may come up with a plan right there, or not. But at least the auditor knows we are aware, and will keep them in mind. Usually these improvement opportunities lead to the next surveillance audit, and they give us a chance to maybe take care of a potential problem before it happens. Obviously, if they were in nonconformance now, we'd get a finding. Usually it is just a feeling from the evidence collected in the current audit that there is a potential for nonconformance down the road.

I don't know, maybe we are pretty naive, but we like to partner with our registrar and keep everything pretty low-key and friendly.

Jim Biz

Two way situation

I've seen this happen in two different situations

1) auditor "using" an improvement as a warning
(ie explaining that although it is wiitten as a "Suggestion" if nothing changes by the next visit - I'll find a way to write a nonconformance for it.....

2) Auditor Using improvement suggestins to "mold" the clients system to his viewpoint. Ie your system would be better in my opinion if you did this or that........

Of course the auditor that explains "this is what I think and you can take it and run with it OR ignore it completley is correct.


Super Moderator
Super Moderator
my experience

During our initial audit, our registrar found some OFIs. They included them in their report, but did not require a written response. We did have 3 minors written, and we had to respond to those before we received our certification.

Oh yeah

One additional thing I forgot, for some reason SteelMaiden's post reminded me of it. If an observation points to something that would be of benefit, then without a doubt follow-up, regardless of whether the registrar says you have to.


Two out of the three Registrars I have used required responses to Observations.

Both described it as being a warning about a future finding.
Thread starter Similar threads Forum Replies Date
L ISO 13485:2016 Clause 8.4 - Analysis of Audit Observations ISO 13485:2016 - Medical Device Quality Management Systems 8
Q Stage 1 audit observations - documented report? General Auditing Discussions 5
S ISO 9001 Audit Observations - Transitioning my career into auditing Career and Occupation Discussions 16
P Secretly Auditing - Writing an audit report with observations based on my experiences Internal Auditing 12
S Do I need to answer Audit Observations? General Auditing Discussions 33
V Classification of Audit Observations - Regulatory References US Food and Drug Administration (FDA) 1
D Need to follow-up Internal Audit 'Observations' ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
A Can Internal Audit Observations be kept confidential from State FDA inspections ? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
A Quality Objectives 5.4.1 - KPI SOP - ISO 13485 Audit Observations EU Medical Device Regulations 6
V Most Common Internal/External Audit Observations on Risk Management ISO 14971 - Medical Device Risk Management 4
I Observations Outside of the Audit Scope General Auditing Discussions 37
C Closure of CARs (Corrective Action Requests) and Audit Observations Internal Auditing 25
C Is approval needed for adopting observations made during audit? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
W TS 16949 Audit - Examples of Major & Minor NC's and Observations for Stage 1&2 audit. IATF 16949 - Automotive Quality Systems Standard 11
B Responding to ISO9001 Audit NCR?s/Observations - ?Top Management? ? Clause 5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
M Linkage of Internal Audit Observations to Business Risk ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
B Responding to ISO9001 or TS16949 Audit NCR?s/Observations. Nonconformance and Corrective Action 5
Mikey324 External calibration - Finding in our 3rd party audit General Measurement Device and Calibration Topics 10
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
J Stage 2 audit initial cert, few data points ISO 13485:2016 - Medical Device Quality Management Systems 4
S Corrections not allowed during audit ISO 13485:2016 - Medical Device Quality Management Systems 7
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
R GFE Audit - Violation? GFE Location Controls AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Help Me. Non conformitty in External Audit IATF 16949 - Automotive Quality Systems Standard 13
M How to answer ISO9001:2015 audit finding of old revisions of documents being used? Document Control Systems, Procedures, Forms and Templates 8
B UKRP to what level should you audit Class I Technical Documentation? UK Medical Device Regulations 0
I Audit is tomorrow but I refused to participate Misc. Quality Assurance and Business Systems Related Topics 16
I ISO 17025:2017 / ANAB 3125 - Articulating / Communicating Risks vis-a-vis Audit Findings ISO 17025 related Discussions 2
D Verify Audit Trail of SaaS system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
D Re-labeler - audit the supplier EU Medical Device Regulations 2
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
A PPAP question for audit APQP and PPAP 16
D Number of people to be interviewed during an internal audit? Internal Auditing 6
B Gamma Quarterly Audit Medical Device and FDA Regulations and Standards News 1
A Anxiety - ISO Re-registration Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 69
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
D Question and advice for a supplier self audit questionnaire ISO 13485:2016 - Medical Device Quality Management Systems 6
S Quarterly Dose Audit Medical Device and FDA Regulations and Standards News 5
H When is a SOC 2 audit necessary? IEC 27001 - Information Security Management Systems (ISMS) 3
J NCR- Failure of contract review process - NADCAP audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D Special IATF audit of sub-supplier IATF 16949 - Automotive Quality Systems Standard 18
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 20
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
A IRIS audit - Discussion about Special Processes General Auditing Discussions 11
J Internal audit random sampling methodology Internal Auditing 2
D Major NC from last audit not fixed not sure how to fix General Auditing Discussions 10

Similar threads

Top Bottom