Audit opportunity for improvement raised to nonconformance months after the audit

jmech

Trusted Information Resource
#1
ISO 17021-2015 9.4.5.2 allows auditors to identify and record opportunities for improvement.

If an auditor records an opportunity for improvement, does ISO 17021 allow the CB to raise this to a nonconformance?

If so, is there any time limit for this, or can this still be done months after the end of the audit?
 
Elsmar Forum Sponsor

Coury Ferguson

Moderator here to help
Trusted Information Resource
#2
ISO 17021-2015 9.4.5.2 allows auditors to identify and record opportunities for improvement.

If an auditor records an opportunity for improvement, does ISO 17021 allow the CB to raise this to a nonconformance?

If so, is there any time limit for this, or can this still be done months after the end of the audit?
The CB Technical Team will review the report. If it is determined that an OFI was downgraded when it should be a nonconformity, they will most likely change it to reflect that, before the "final report." They would notify their client to let them know that an OFI was upgraded to a nonconformity.

There has been some Auditors that have downgraded a nonconformity to an OFI.

The way I see any OFI, that has been identified, I look at it as a potential nonconformity down the road. So I review all OFIs, and even respond to them, even though no response is required.

But that is my opinion, and how I handle OFIs.
 

howste

Thaumaturge
Trusted Information Resource
#3
ISO 17021-2015 9.4.5.2 allows auditors to identify and record opportunities for improvement.

If an auditor records an opportunity for improvement, does ISO 17021 allow the CB to raise this to a nonconformance?

If so, is there any time limit for this, or can this still be done months after the end of the audit?
The CB is required to review the audit evidence submitted by the lead auditor. If the audit evidence submitted by the auditor shows that they wrote an OFI instead of a nonconformity, then the CB needs to take action to ensure that the nonconformity is addressed. I don't believe that this specific situation is addressed in ISO 17021-1:2015.

As far as timing, they would need to do it as part of 9.5.2 Actions prior to making a decision. Once a decision for a certificate has been made (grant, renew, suspend, maintain, etc.), there should be no changes. Timeliness is discussed in 4.5, but there are no specific time frames mentioned.

Did this happen to your organization?
 

Sidney Vianna

Post Responsibly
Leader
Admin
#4
CB,very likely, is over reacting because they were caught during an AB audit and written up for softgrading NC's.

Some CB's are even prohibiting the issuance of OFI's and observations because of that.
 

Golfman25

Trusted Information Resource
#5
In a third party audit situation there should be no such thing as OFI. They can't "consult" so all that means is you want to gum up my system. If I am not in conformance, show me the shall and tell me why. Otherwise move along. I'll improve my own system thank you very much.
 
#6
At the heart of this is that OFIs and Observations are not related to Nonconformances. Actually they loosely are, but only in that they are audit findings, and audit findings can be positive, negative, or I suppose, even neutral.

Where people get in trouble is the belief that a nonconformance can be written up as a warning, somewhat like a policemen issuing a warning for a traffic infraction instead of a ticket.

That is called soft grading, and is forbidden. If it is a nonconformance it needs to be written up as a nonconformance.
 

jmech

Trusted Information Resource
#7
Thanks all for the informative responses. I agree that nonconformances should be written as such and not soft graded, and that opportunities for improvement should be addressed.

I'd just like to clarify one point from what Coury Ferguson and Howste said: should the audit report (including OFIs) be reviewed by the CB technical team and any OFIs upgraded before the report is finalized (normally within days after concluding the audit) or is the CB allowed to wait months to upgrade an OFI as long as this is still before the certification decision is made?
 

Sidney Vianna

Post Responsibly
Leader
Admin
#8
or is the CB allowed to wait months to upgrade an OFI as long as this is still before the certification decision is made?
As Howste indicated, ISO 17021-1 does not really have much granularity on this aspect of the audit report review process.

The reality is: many technical reviewers don't have much time to perform a thorough review of all audit reports they "process". In the overwhelming majority of the times, they would not pay much attention to softgraded NC's. In a small percentage of the cases, they would identify the softgrading, slap the auditors' wrist and tell them to never do it again. In some cases, they would send a memo to their auditors reminding them of no softgrading allowance.

For a CB to escalate an OFI to a NC, months later, is extremely rare, because it creates problems for them and the registrant (their client). That's why the only plausible explanation I can think of is what I offered in my previous post. This CB is under external pressure to ensure they have stopped all softgrading in their audits, at the risk of having their accreditation suspended, if this is deemed a repeat offense by the AB. Even further, the audit report has already been read by the AB; otherwise, the CB would have told the auditor in question to revise the report and delete the OFI. Very likely this is part of a corrective action the CB has to implement to stop softgrading within their ranks.
 
Last edited:
Thread starter Similar threads Forum Replies Date
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
R Audit Closure - Assigned actions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
T Company AS9100D External Audit Preparation AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 17
T AS9100D Risk-Based Internal Audit Schedule AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
Crusader Missed Annual Audit… Registrars and Notified Bodies 8
S Minimum Retention Time for Records of internal audit results as per AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
B Establishing topics for IATF internal audit processes Internal Auditing 9
I API Q1 5.7.1.5.a and API 6A10.4.2.12.2 AAR in API audit Oil and Gas Industry Standards and Regulations 0
D Unannounced Audit - Remote ISO 13485:2016 - Medical Device Quality Management Systems 6
L 3rd party audit issues - No audit agenda received a week before the audit Registrars and Notified Bodies 7
T Calculate FPY for Audit Results AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
D Critical Supplier will not allow us to audit Plant floor US Food and Drug Administration (FDA) 12
E Calibration Records during AS9100 Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
Q Three year audit program template excel Internal Auditing 1
Q Evaluate a process audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
N Audit work documents Internal Auditing 3
S AS9100 Supplier Audit Checklist example AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
Kevin Walters IAQG Required Audit Days Needed (Please help) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Initial Audit FDA US Medical Device Regulations 3
F Surveillance Audit for AS9100D and new ERP system incorporated Document Control Systems, Procedures, Forms and Templates 4
bryan willemot Looking for NADCAP audit Excel spreadsheets template for vendors, specifically heat treat (Vacuum Furnace) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
D Dock audit IATF 16949 - Automotive Quality Systems Standard 9
S Is MDSAP Audit Required? ISO 13485:2016 - Medical Device Quality Management Systems 3
T Robust internal audit program AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
J Average number of Nonconformances during internal quality audit for Medical Device Manufacturers Internal Auditing 3
Q AS9100:D Counterfeit internal audit questions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
D ISO 9001:2015 Internal Audit Check Sheet ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
B Audit checklist for Sterilization Vendors ISO 13485:2016 - Medical Device Quality Management Systems 1
Ed Panek MDR Audit Comment EU Medical Device Regulations 9
R Simple tool to establish an audit schedule? General Auditing Discussions 12
P 9.2.2.2 & 9.2.2.3 Audit Cycle alignment required? IATF 16949 - Automotive Quality Systems Standard 1
R Disruptions that happen prior to surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B Cycle Count Audit Discrepancy Supplier Quality Assurance and other Supplier Issues 1
R Audit from Customer - concerned with IP protection ISO 13485:2016 - Medical Device Quality Management Systems 4
I MDR Audit: NC per MDR Annex IX Administrative provisions 8. EU Medical Device Regulations 6
L Documenting internal audit of customer specific requirements IATF 16949 - Automotive Quality Systems Standard 7
GStough Audit Nonconformances (?) for Suppliers Not Registered to ISO and No Supplier Quality Agreement Exists General Auditing Discussions 24
E Audit Finding - Measurement of Process - Continuous Improvement - Trend Analysis Oil and Gas Industry Standards and Regulations 22
C Supplier Audit - Looking for a quality audit checklist General Auditing Discussions 3
E Opening meeting for Third-Party Audit--Who should say what? General Auditing Discussions 22
R EU MDR Remote vs In-Person Audit EU Medical Device Regulations 1
F Attendance possibility for a certification audit ISO 13485:2016 - Medical Device Quality Management Systems 7
D Audit Report details when ISO 13485:2016 and cGMP 21 CFR 820 are applicable ISO 13485:2016 - Medical Device Quality Management Systems 6
R Looking for ISO 13485 Internal Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 8
G IATF Remote Location audit timing IATF 16949 - Automotive Quality Systems Standard 3
G During internal audit - finding poor action plans ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
C Need help in determining applicable clause for an audit finding (based on AS9120B) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Opening meeting - internal audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Ed Panek Audit Protocol? Simultaneous surveillance and recertification audits. ISO 13485:2016 - Medical Device Quality Management Systems 11

Similar threads

Top Bottom