Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Follow up on Major Audit Finding

J

jeffr

#1
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
 
R

Reg Morrison

#3
Marcelo is right. The rules (ISO 17021) say:
9.1.15 Actions prior to making a decision
The certification body shall confirm, prior to making a decision, that
a) the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification;
b) it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all nonconformities that represent
1) failure to fulfil one or more requirements of the management system standard, or (MAJOR)
2) a situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs; (MAJOR)
c) it has reviewed and accepted the client's planned correction and corrective action for any other nonconformities.
So, there is some subjectivity at play, so you need to get the answer from your registrar. Different registrars could treat the same situation in different ways.
 
J

jeffr

#4
Not sure why this was moved, but this pertains to ISO 9001:2008

Not aware of any special rules.

Jeff
 
#5
Not sure why this was moved, but this pertains to ISO 9001:2008

Not aware of any special rules.

Jeff
This pertains to ISO 19011 because you're asking what the response from the external auditors would be. Certification recommendations are squarely in the lap of ISO 19011 and have no part of ISO 9001: 2008.
 
#6
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
Are you suggesting that they are coming in for a visit to clear just 3 non-conformities? It's been my experience that you can submit your corrective actions, audits etc and they can at least down grade the major to a minor and then close it at the first surveillance. You may want to ask why they can't do this. They may just be looking to bill you an extra day...
 
R

Reg Morrison

#7
This pertains to ISO 19011 because you're asking what the response from the external auditors would be. Certification recommendations are squarely in the lap of ISO 19011 and have no part of ISO 9001: 2008.
Actually it pertains to ISO 17021. ISO 19011 is a guidance requirement and no longer invoked by accreditation bodies.

It's been my experience that you can submit your corrective actions, audits etc and they can at least down grade the major to a minor and then close it at the first surveillance. You may want to ask why they can't do this. They may just be looking to bill you an extra day...
According to ISO 17021, before a certification decision can be made, the registrar has to verify effectiveness of correction and corrective actions. In my experience, most registrars will require an onsite visit before they consider a major NC closed. According to the OP, the major was against document control. If we make a mental exercise and "guess" that too many obsolete documents were being used during the stage 2 audit, it would be justified to perform a re-visit to assess for themselves that obsolete documents are no longer being used and they have changed the system that allowed people to used outdated documents. I think it would be very hard to assess that, remotely, based on submitted information via an email.
 
#8
And, Reg, you stated the NC be "Closed". It's been a long standing practice to down grade to a minor when the quantity and severity didn't justify a special visit. I don't see anything in ISO/IEC 17021 precluding such an option. I did make the point of it being downgraded - and hence still left "open" for verification at the next visit...
 
R

Reg Morrison

#9
Well, while it is true that registrars use the ?downgrade? path, that is a "loophole" because ISO 17021 states:
The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future surveillance audits) will be needed to verify effective correction and corrective actions.
ISO 17021 does not explicitly prohibit ?downgrading? of NC?s.

But in order to "downgrade" a nonconformity, the auditor would have to be "satisfied" with the evidence being submitted for review, instead of performing another onsite visit.

And that is the "subjectivity" that I mentioned in my first post in this thread. Some auditors would like to see for themselves (as required by ISO 17021) the EFFECTIVENESS of correction and corrective action. Others (more concerned in keeping the certification effort affordable for their customers) would accept customer-supplied evidence to downgrade the NC.

Depending on the actual nature of the NC, and the necessary corrections and corrective actions, a revisit could be totally justified. Or, like you said, it could be just another way of parting the client from their money.
 
P

pldey42

#10
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
I think you should ask the person who raised the question how the answer helps.

You can't plan to overlook something. And if you do, you can't be sure it will be regarded as minor, given the subjective nature of grading NCs. So if the answer to the question is, "Sure, go ahead and overlook stuff, it's minor," what are you going to do differently? Shrug, say "We've done a lot of work," and hope for the best? Is that the way you'd like your new QMS to continue?

I would regard an NC in a corrective action as an indicator that CA, itself, is unreliable. If both CA and document control are unreliable, that's a poor basis for a QMS that should bring stability to processes.

Also, that an issue was overlooked raises questions about the effectiveness of the review of the CA that's required in 8.5.2.f - and in turn, calls the internal audit process into question if that was used for the CA review.

The suggestion that a lot of work has been put into the fix might be an indicator that resources are scarce and management commitment weak. And minor oversights have a habit of becoming major NCs if they're not discouraged.

(I'm surprised to learn that CBs can downgrade majors to minor sight unseen; once they know the client and have seen several CAs effectively closed, maybe, but on the first certification audit?)

If it were me (and many would be glad it's not) I'd take the opportunity to turn the question back to whomever asked it - especially if they're a senior manager - and ask them how much they want certification, and to please help assure there are no minor NCs here, or anywhere else, by supporting proper resourcing and auditing of CAs.

Many successful quality managers I've seen use fear of failing audits to get things done. (Yes, Deming said drive out fear, and he was right, but that's another discussion.) If there's wriggle room - as this discussion indicates there might be - they keep it to themselves as a quiet, undeclared contingency plan - to use, for example, if they overlook something themselves!

Just 2c
Pat
 
Top Bottom