Can registrar auditors write up something an organization has already identified?

[Slickpick]

You speak of turnover at the Manager level, yet go on to say that due to the "amount of findings and work required," not everything will be completed/closed by the time the recert audit rolls around. Are you implying that the work was to be done by those Mangers where there is heavy turnover? If so, the issue is not so much that items are still open, but perhaps regarding how resourcing was provided/addressed to keep the management system moving forward despite having new people or vacant positions.

If a QMS "stops" because someone isn't there, that's cause for concern.

From what I've seen - The system had not gotten adequate attention over the last several years. Inaccurate procedures with steps not even close to the actual process, numerous contradictions between instructions, poor document control, etc. I even identified profanity written directly in the Control Plan and FMEA (RPN's were also way off - severities of 9's and 10's were documented for minor cosmetic issues - we confirmed with our customer that these are too high).

Our previous Plant Manager refused to relinquish control (other than with a few quality processes and procedures) - he did let us (after some long debates) implement an effective document control system and internal audit program (which has been identifying these issues) - however, he would NOT budge on other items, and he had his own interpretations of the standard. A good example was on statutory / regulatory requirements - his stance was "Those don't apply to us, don't worry about it" - same with KPI's "We don't need those, they don't add value"

 

[Jen Kirley]

It's normally a poor A%% auditor that does that. I'd invite them to leave and as a Lead I've tossed an NC like that a couple times when a team member pulled that crap.

I guess I'm a poor a%% auditor, then. I won't always, but there are important enough cases (such as, those that would present risk to customer, safety & health or environment) where I issue an NC so we can track the corrective action to closure and check back for effectiveness of the actions next time.

 

[Randy]

I guess I'm a poor a%% auditor, then. I won't always, but there are important enough cases (such as, those that would present risk to customer, safety & health or environment) where I issue an NC so we can track the corrective action to closure and check back for effectiveness of the actions next time.

Yep, I'd toss it! Evidence of system performance can be garnered through their own findings of system faults and how they correct them. You track corrective actions by looking at what they do, how they do it and the success rate of their closures and not making them do double duty by adding the additional risk of your NC on top of their own.

Their NC's and their CA's shows that the planned performance of the system is working, your NC show's that you think their work is BS.

 

[Sidney Vianna]

As previously mentioned, this issue has been discussed a number of times before. Below the link to one that had a lot of back and forth.

Thread 'Should a Registrar write a NC on something that was found during the Internal Audit'

Aug 4, 2008

Should the Certification Body (CB)/Registrar write a NC for something that was found during the Internal Audit Process?

For example: The Internal Audit process identified that Root Cause was not being addressed on the Internal Corrective Actions Requests. (There was another Corrective Action issued for this through the internal corrective action process.)

The Auditor, from the CB, while performing an Assessment, writes the exact finding up at a Minor NC. Now bear with me here...the time frame to answer the Corrective Action has not been exceeded

Should this be allowed?

I...

• Coury Ferguson
• Replies: 138
• Forum: Registrars and Notified Bodies

There are many possible scenarios to be addressed. But, in general, external auditors must report audit results to reflect the actual performance of the system. For a profession that is so plagued with the perception of soft grading findings, even more important to report real system shortcomings. Failure to do so is being derelict.

 

[DariusPlumdon]

We are currently lucky in that we have a superb external auditor who listens & explains well, but with the '3 yearly IATF auditor merry-go round' & having worked with at least 10 different external auditors over the years we all know the reality is that (in my experience) around 20% of external auditors are 'nit pickers' who know the standard & where to raise meaningless findings inside out, but sadly add little value, so working in the real world I do totally understand why there are concerns on this thread.
To summarise the good external auditors we have over the years I would say/suggest that:
1) External auditors understand that a good functioning internal audit plan & execution is critical to any company improving, an external auditor turns up once a year, (rightly) spends a fair chunk of time understanding your company & this leaves little time to dig into the detail ... so they want to see your internal audits do get into the details
2) They do not mind findings being raised during internal audits, it shows openness to raise issues & improve
3) Findings being open at the time of an external audit is not an issue, as long as the findings are being addressed in line with the standard & your internal processes. For example a finding raised a month ago that has a root cause in place and and action plan, but has not yet had a chance to execute the action plan is generally fine.
I would get your side of the story in early so you are on the front foot explaining things, do not try to hide it & hope the auditor does not sample it ... you may be lucky & get away with it, but I would say odds against! Good luck.

 

[TejasPower]

I have been a Lead auditor since the turn of this century and started with ISO/TS 16949... yep that old.
What i have seen it depends on the auditor and how much work your team has put forth to have a good root cause and actions.
If you are up front with your auditor, they do appreciate it and most likely not issue a finding but may issue an observation/OFI noting the CAR you have issued.
I currently over see (4) different standards, 9001, 22163, 17025 and 80079-34... makes my annual internal and external audits very fun.
Good luck.

 

[Bca8ball]

• 8 General Managers (our latest GM came in about a month ago)
• 5 Quality Managers (I stepped into this role 2 years ago, my predecessor lasted about two months)
• 4 Maintenance Managers (our latest maintenance manager started at the beginning of this year)
• 3 HR Managers (current HR Manager has been here for 1 year)

Our management team is relatively new at this point. The majority of our floor personnel however (operators, QC inspectors, maintenance techs) have been here several years and are able to walk and talk through their processes quite well. The gaps mainly pertain to documentation.

On a positive note, we do have a strong internal audit program in place. With that being said, we are documenting our findings and have plans in place to correct the issues. However, based on the amount of findings and work required, we will not have everything corrected / implemented by time our recertification audit takes place. We also have a management review scheduled with our new General Manager and will be discussing / documenting these gaps and weaknesses along with our action plans prior to the audit...

Can the registrar auditor write an NC on something that we have already identified internally as an issue?

Odds are that an external auditor would not duplicate an NC already identified internally; however, the subject is not as cut and dry as some responses make them. Depending on the actual situation, something documented externally, may be the best approach.

IMO there is an elephant in the room not being mentioned and/or potentially addressed.
If the subject becomes apparent during any third-party audit, self-addressed internal audit findings could appear to be window dressing.
With this in mind, an external auditor could easily note and track your internal CAs efforts or be justified to document some of their own.

There needs to be a "real" review into what or more potentially who is the root cause of turnover and do you have sufficient organizational independence/authority. Pointing a finger at the GM position when there have been 8 of them, seems like a reach.
Let's revisit your initial statement:
10 years - 8 General Managers, 4 Maintenance Managers, 3 HR Managers and you didn't even mention quantity of other employees, inspectors, leads, staff, etc.
Speaking from experience:
* This does not happen without risk and having a direct impact on the QMS
* You are required to address anything that adversely affects the QMS
* Hoping to cover the actual issues with internal findings may be wishful thinking.