Follow up on Major Audit Finding

J

jeffr

Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
 
R

Reg Morrison

Marcelo is right. The rules (ISO 17021) say:
9.1.15 Actions prior to making a decision
The certification body shall confirm, prior to making a decision, that
a) the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification;
b) it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all nonconformities that represent
1) failure to fulfil one or more requirements of the management system standard, or (MAJOR)
2) a situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs; (MAJOR)
c) it has reviewed and accepted the client's planned correction and corrective action for any other nonconformities.
Click to expand...
So, there is some subjectivity at play, so you need to get the answer from your registrar. Different registrars could treat the same situation in different ways.
 
J

jeffr

Not sure why this was moved, but this pertains to ISO 9001:2008

Not aware of any special rules.

Jeff
 
Mikishots

Mikishots

Trusted Information Resource
jeffr said:
Not sure why this was moved, but this pertains to ISO 9001:2008

Not aware of any special rules.

Jeff
Click to expand...

This pertains to ISO 19011 because you're asking what the response from the external auditors would be. Certification recommendations are squarely in the lap of ISO 19011 and have no part of ISO 9001: 2008.
 
A

AndyN

Moved On
jeffr said:
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
Click to expand...

Are you suggesting that they are coming in for a visit to clear just 3 non-conformities? It's been my experience that you can submit your corrective actions, audits etc and they can at least down grade the major to a minor and then close it at the first surveillance. You may want to ask why they can't do this. They may just be looking to bill you an extra day...
 
R

Reg Morrison

Mikishots said:
This pertains to ISO 19011 because you're asking what the response from the external auditors would be. Certification recommendations are squarely in the lap of ISO 19011 and have no part of ISO 9001: 2008.
Click to expand...
Actually it pertains to ISO 17021. ISO 19011 is a guidance requirement and no longer invoked by accreditation bodies.

AndyN said:
It's been my experience that you can submit your corrective actions, audits etc and they can at least down grade the major to a minor and then close it at the first surveillance. You may want to ask why they can't do this. They may just be looking to bill you an extra day...
Click to expand...
According to ISO 17021, before a certification decision can be made, the registrar has to verify effectiveness of correction and corrective actions. In my experience, most registrars will require an onsite visit before they consider a major NC closed. According to the OP, the major was against document control. If we make a mental exercise and "guess" that too many obsolete documents were being used during the stage 2 audit, it would be justified to perform a re-visit to assess for themselves that obsolete documents are no longer being used and they have changed the system that allowed people to used outdated documents. I think it would be very hard to assess that, remotely, based on submitted information via an email.
 
A

AndyN

Moved On
And, Reg, you stated the NC be "Closed". It's been a long standing practice to down grade to a minor when the quantity and severity didn't justify a special visit. I don't see anything in ISO/IEC 17021 precluding such an option. I did make the point of it being downgraded - and hence still left "open" for verification at the next visit...
 
R

Reg Morrison

Well, while it is true that registrars use the ?downgrade? path, that is a "loophole" because ISO 17021 states:
The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future surveillance audits) will be needed to verify effective correction and corrective actions.
Click to expand...

ISO 17021 does not explicitly prohibit ?downgrading? of NC?s.

But in order to "downgrade" a nonconformity, the auditor would have to be "satisfied" with the evidence being submitted for review, instead of performing another onsite visit.

And that is the "subjectivity" that I mentioned in my first post in this thread. Some auditors would like to see for themselves (as required by ISO 17021) the EFFECTIVENESS of correction and corrective action. Others (more concerned in keeping the certification effort affordable for their customers) would accept customer-supplied evidence to downgrade the NC.

Depending on the actual nature of the NC, and the necessary corrections and corrective actions, a revisit could be totally justified. Or, like you said, it could be just another way of parting the client from their money.
 
P

pldey42

jeffr said:
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
Click to expand...

I think you should ask the person who raised the question how the answer helps.

You can't plan to overlook something. And if you do, you can't be sure it will be regarded as minor, given the subjective nature of grading NCs. So if the answer to the question is, "Sure, go ahead and overlook stuff, it's minor," what are you going to do differently? Shrug, say "We've done a lot of work," and hope for the best? Is that the way you'd like your new QMS to continue?

I would regard an NC in a corrective action as an indicator that CA, itself, is unreliable. If both CA and document control are unreliable, that's a poor basis for a QMS that should bring stability to processes.

Also, that an issue was overlooked raises questions about the effectiveness of the review of the CA that's required in 8.5.2.f - and in turn, calls the internal audit process into question if that was used for the CA review.

The suggestion that a lot of work has been put into the fix might be an indicator that resources are scarce and management commitment weak. And minor oversights have a habit of becoming major NCs if they're not discouraged.

(I'm surprised to learn that CBs can downgrade majors to minor sight unseen; once they know the client and have seen several CAs effectively closed, maybe, but on the first certification audit?)

If it were me (and many would be glad it's not) I'd take the opportunity to turn the question back to whomever asked it - especially if they're a senior manager - and ask them how much they want certification, and to please help assure there are no minor NCs here, or anywhere else, by supporting proper resourcing and auditing of CAs.

Many successful quality managers I've seen use fear of failing audits to get things done. (Yes, Deming said drive out fear, and he was right, but that's another discussion.) If there's wriggle room - as this discussion indicates there might be - they keep it to themselves as a quiet, undeclared contingency plan - to use, for example, if they overlook something themselves!

Just 2c
Pat
 
You must log in or register to reply here.

Similar threads

G
IATF 16949 recertification major NC (ISO 9001 10.2.1.b)
2
Replies
10
Views
601
Golfman25
G
L
Supplier Quality Audits - Major Findings & Falsification of Records
2
Replies
15
Views
999
Mike S.
M
M
MDSW release documentation
Replies
1
Views
203
yodon
Y
J
14001-Looking for some examples of Environmental Aspects and Compliance Obligations/Audits
Replies
6
Views
4K
John Broomfield
John Broomfield
G
8D on Audit Non Conformance -- Incomplete Document
2 3 4 5 6
Replies
53
Views
5K
Randy
Randy
Top Bottom