Audit opportunity for improvement raised to nonconformance months after the audit

jmech

Trusted Information Resource
#1
ISO 17021-2015 9.4.5.2 allows auditors to identify and record opportunities for improvement.

If an auditor records an opportunity for improvement, does ISO 17021 allow the CB to raise this to a nonconformance?

If so, is there any time limit for this, or can this still be done months after the end of the audit?
 
Elsmar Forum Sponsor

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#2
ISO 17021-2015 9.4.5.2 allows auditors to identify and record opportunities for improvement.

If an auditor records an opportunity for improvement, does ISO 17021 allow the CB to raise this to a nonconformance?

If so, is there any time limit for this, or can this still be done months after the end of the audit?
The CB Technical Team will review the report. If it is determined that an OFI was downgraded when it should be a nonconformity, they will most likely change it to reflect that, before the "final report." They would notify their client to let them know that an OFI was upgraded to a nonconformity.

There has been some Auditors that have downgraded a nonconformity to an OFI.

The way I see any OFI, that has been identified, I look at it as a potential nonconformity down the road. So I review all OFIs, and even respond to them, even though no response is required.

But that is my opinion, and how I handle OFIs.
 

howste

Thaumaturge
Super Moderator
#3
ISO 17021-2015 9.4.5.2 allows auditors to identify and record opportunities for improvement.

If an auditor records an opportunity for improvement, does ISO 17021 allow the CB to raise this to a nonconformance?

If so, is there any time limit for this, or can this still be done months after the end of the audit?
The CB is required to review the audit evidence submitted by the lead auditor. If the audit evidence submitted by the auditor shows that they wrote an OFI instead of a nonconformity, then the CB needs to take action to ensure that the nonconformity is addressed. I don't believe that this specific situation is addressed in ISO 17021-1:2015.

As far as timing, they would need to do it as part of 9.5.2 Actions prior to making a decision. Once a decision for a certificate has been made (grant, renew, suspend, maintain, etc.), there should be no changes. Timeliness is discussed in 4.5, but there are no specific time frames mentioned.

Did this happen to your organization?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
CB,very likely, is over reacting because they were caught during an AB audit and written up for softgrading NC's.

Some CB's are even prohibiting the issuance of OFI's and observations because of that.
 

Golfman25

Trusted Information Resource
#5
In a third party audit situation there should be no such thing as OFI. They can't "consult" so all that means is you want to gum up my system. If I am not in conformance, show me the shall and tell me why. Otherwise move along. I'll improve my own system thank you very much.
 

Big Jim

Super Moderator
#6
At the heart of this is that OFIs and Observations are not related to Nonconformances. Actually they loosely are, but only in that they are audit findings, and audit findings can be positive, negative, or I suppose, even neutral.

Where people get in trouble is the belief that a nonconformance can be written up as a warning, somewhat like a policemen issuing a warning for a traffic infraction instead of a ticket.

That is called soft grading, and is forbidden. If it is a nonconformance it needs to be written up as a nonconformance.
 

jmech

Trusted Information Resource
#7
Thanks all for the informative responses. I agree that nonconformances should be written as such and not soft graded, and that opportunities for improvement should be addressed.

I'd just like to clarify one point from what Coury Ferguson and Howste said: should the audit report (including OFIs) be reviewed by the CB technical team and any OFIs upgraded before the report is finalized (normally within days after concluding the audit) or is the CB allowed to wait months to upgrade an OFI as long as this is still before the certification decision is made?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#8
or is the CB allowed to wait months to upgrade an OFI as long as this is still before the certification decision is made?
As Howste indicated, ISO 17021-1 does not really have much granularity on this aspect of the audit report review process.

The reality is: many technical reviewers don't have much time to perform a thorough review of all audit reports they "process". In the overwhelming majority of the times, they would not pay much attention to softgraded NC's. In a small percentage of the cases, they would identify the softgrading, slap the auditors' wrist and tell them to never do it again. In some cases, they would send a memo to their auditors reminding them of no softgrading allowance.

For a CB to escalate an OFI to a NC, months later, is extremely rare, because it creates problems for them and the registrant (their client). That's why the only plausible explanation I can think of is what I offered in my previous post. This CB is under external pressure to ensure they have stopped all softgrading in their audits, at the risk of having their accreditation suspended, if this is deemed a repeat offense by the AB. Even further, the audit report has already been read by the AB; otherwise, the CB would have told the auditor in question to revise the report and delete the OFI. Very likely this is part of a corrective action the CB has to implement to stop softgrading within their ranks.
 
Last edited:
Thread starter Similar threads Forum Replies Date
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 6
T COVID, Furlough and ISO9001 Surveillance Audit Coffee Break and Water Cooler Discussions 2
R External Audit and Certificate prorogation due to the pandemic General Auditing Discussions 10
Dean Bell Implementation of Controls as per SOA for Stage 2 Audit IEC 27001 - Information Security Management Systems (ISMS) 0
G Logistic organization and controls - IATF/ISO 9001 audit Nonconformance and Corrective Action 2
Geoff Cotton Performing a Delta Audit General Auditing Discussions 12
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G MSA check list to audit IATF 16949 - Automotive Quality Systems Standard 8
L Open Positions During AS9100 Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
L Stage 2 audit - Requirement for 3 months of records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F Who can sit in/perform an API audit? Oil and Gas Industry Standards and Regulations 2
L Manufacturing Process Audit Help IATF 16949 - Automotive Quality Systems Standard 6
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
G Self Assessment Audit from a new potential customer General Auditing Discussions 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
M OEM asking for NC report after certification audit. IATF 16949 - Automotive Quality Systems Standard 3
Ooi Yew Jin Customer E audit preparation Quality Manager and Management Related Issues 2
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
J Remote Audit Experiences - June 2020 General Auditing Discussions 26
F Product audit sampling plans IATF 16949 - Automotive Quality Systems Standard 3
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
M Supplier Audit Report - Template for second party audit wanted Lean in Manufacturing and Service Industries 1
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q ISO 9001:2015 man days for surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2
H Layered audit updates after COVID-19 shutdowns Process Audits and Layered Process Audits 0
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
M Description of the requirements of clause 9.2.2.3 manufacturing process audit- needs your feedback IATF 16949 - Automotive Quality Systems Standard 0
Armen Conflict of Interest if I audit the QC department? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
V Generic IATF 16949 Audit Checklist wanted IATF 16949 - Automotive Quality Systems Standard 3
A NB (Notified Body) Audit of Standards ISO 13485:2016 - Medical Device Quality Management Systems 3
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
M Any way to execute VDA 6.3 audit remotely? VDA Standards - Germany's Automotive Standards 2
D Audit for ISO and AS 91XX and mitigating exposure to COVID-19 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
D Postpone IATF 16949 audit due to COVID-19 IATF 16949 - Automotive Quality Systems Standard 41
JoCam Certified Body Audit of MDR requirements EU Medical Device Regulations 4
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
Ajit Basrur Track audit findings on Excel tracker Excel .xls Spreadsheet Templates and Tools 9
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
Watchcat Anyone had an MDR technical file review/audit yet? EU Medical Device Regulations 13
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
M Has anyone has been through an MDR audit? (3/2020) EU Medical Device Regulations 1
J Audit Finding For Not Retaining Test Results ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T ISO 27001 sample audit report IEC 27001 - Information Security Management Systems (ISMS) 0

Similar threads

Top Bottom