For Internal Audit findings, would you open a CAPA for every observation?

Big Jim

Super Moderator
#11
Hi Jim,


And if we all agree that corrective actions must be performed for all nonconformances, why not to use one system? To me, the amount of work is the same...

Is it "easier" to have a separate system for minor nonconformances because you can get away with less work or because it is less visible?

Thanks to all for your feedback,
Mike
There is no need to have a separate system for corrective actions and audit nonconformances.

It is, in my opinion, best to treat both minors and majors with appropriate respect. Don't even think of "getting away with less" just because it is a minor. For internal audits, just think of them as nonconformances and don't worry about classifying them into major and minor except perhaps in name only if you feel the need to.
 
Elsmar Forum Sponsor
#12
It concerns me that any system would be chosen because 'it's less work'...

The issue is what's effective. The maxim here is 'no pain, no gain', frankly.

If you Michael, are 'doing the work' then it sounds like some fundamental shift here is required. I'd also suggest you take a look at the value to management of the audit findings. If the value is there, in terms of the nature of the findings, presentation (reporting) of them, then management will 'see' that action is worth taking - well, someone will, at least.

Personally speaking, I have a big misgiving about the majority of (internal) findings, since they are often nit-picky things, wrapped in the language of the standard and, as such, are often unrelated to business performance, client satisfaction etc. Hence, they get little to no substantial support...
 

Bev D

Heretical Statistician
Staff member
Super Moderator
#13
I wouldn't issue a Corrective Action for every audit non-conformance I found. If the N/C was a single event with little or no impact to the product or business then I would issue an N/C just like with non-conforming product: just correct the nonconfomring condition and move on. I would also track these N/Cs inthe same manner I track product N/C events and look for systemic trends issuing corrective actions on the largest most impactful systemic issues.

Another note: it is important to realize that not all 'work' is effective. the equation in physics for work is: work = force X distance. we can expend a lot of effort for very little gain in issuing a 'root cause, prevent recurrence' corrective action for a single event where someone forgot to fill in a form field that no one uses... in other words we also don't want to experience a "lot of pain and no gain"
 
Last edited:

ScottK

Not out of the crisis
Staff member
Super Moderator
#14
I write a CAPA for all findings - corrective or preventive based on if it's a nonconformity or OFI.

If nothing else it is to show evidence of striving for continual improvement... provided they get answered by the process owners :frust:
 
S

Saad Attiyah

#15
Mike -

I would open a CAPA for all findings. My current protocol is to break it down the findings into non-conformities and opportunities for improvement. It is true the risk of the n/c must be assessed, but an n/c is still an n/c. I believe they should be viewed that way, and the level investigation should be thorough. I dont believe you can over react to a finding because there was a break down of the system. This level of investigation will help you consider other situations posing similiar risk. If you do a high level of investigation, you often dont look at similar situations. I think it is just beneficial to be through.

I believe they should be in one system as well. A good CAPA form will not only ask for Corrective actions (investigation, root cause, the action, verification, and date), but it should force the area/team/SME to ask the next question "Where else is an undesirable situation located?" Since your already documenting, CA why not document PA in the same place or system?
 
J

JaneB

#17
look for systemic trends issuing corrective actions on the largest most impactful systemic issues.

<snip>it is important to realize that not all 'work' is effective. the equation in physics for work is: work = force X distance. we can expend a lot of effort for very little gain in issuing a 'root cause, prevent recurrence' corrective action for a single event where someone forgot to fill in a form field that no one uses... in other words we also don't want to experience a "lot of pain and no gain"
Excellent advice! :applause:
 
J

JaneB

#18
I do internal audits for some clients. I would never raise a formal action (or "open a CA/PA", whatever you call it) for every single finding or observation of the 'doesn't conform fully' kind.

It's an issue of effectiveness. I take the time to review findings and observations, and consider risk, importance, etc etc to decide what requires a formal action to address... and what, as other have also said, just doesn't.

To me, raising an action for a titchy little mistake that can be corrected in less time than it would take to actually raise the action is far from effective. It's likely to tie you up in paperwork and will undoubtedly promote the idea that audit is about nitpicking. It shouldn't be! Instead, get it fixed (eg, the "I'm just going to get a coffee... I'm sure by the time I come back you'll find that this form has acquired the signature it should have" approach for example) or fix it and move on.

Better to spend time looking at system problems and raise one single well-chosen action that no manager/supervisor would even bother to argue isn't justified, than waste time on fiddling about with trivia low down on the scale of importance and effectiveness.
 

Jim Wynne

Staff member
Admin
#19
It's an issue of effectiveness. I take the time to review findings and observations, and consider risk, importance, etc etc to decide what requires a formal action to address... and what, as other have also said, just doesn't.

To me, raising an action for a titchy little mistake that can be corrected in less time than it would take to actually raise the action is far from effective. It's likely to tie you up in paperwork and will undoubtedly promote the idea that audit is about nitpicking.
I agree with all of this. :agree1: These issues are cause, at least in part, by internal auditing being cast as some sort of police action. In the OP's case, someone *did* find a glitch in the system, but only a glitch and not something catastrophic, or potentially so.

I think the way to proceed with these things is to thank the auditor for discovering the issue, and then fix it, and then consider the system as a whole for more "opportunities" of similar kind. As Stijloor earlier observed, there's probably some disparity between two systems (14001 and 9001), and small collisions when they meet. This should be seen as evidence that some sort of blending is necessary or would be helpful. In any event, if something useful doesn't result from identifying a nonconformity, something's wrong.

ETA: I just realized that this post was mistakenly in response to a post in another thread, :eek: but the observations still generally apply. Just disregard the reference to the OP, and Stijloor's observation, which may be found in the other thread.
 
Last edited:
#20
Such an example points to the fact that much of what is taught in internal and lead auditor courses is based on external auditor thinking:- "If I'm at a supplier's premises then I want them to take corrective action" etc. And the course (accreditation) requirements do little to make any distinctions.

Jane (and Jim) are very correct in their assertions, however, this analysis is rarely (I'm bowing to fellow Covers who do teach such actions) part of the run of the mill auditor training. It really is time for there to be two separate paths for auditor training...
 
Last edited by a moderator:
Thread starter Similar threads Forum Replies Date
A Internal Audit - Findings - Recent Internet Audit (Prior to Certification) IEC 27001 - Information Security Management Systems (ISMS) 7
dubrizo Are you documenting Internal Audit findings as NCRs? Internal Auditing 18
dubrizo Audit Findings: Writing against Internal an ISO Clause Internal Auditing 10
M Do all findings (nonconformities) in an internal audit require a corrective action? Quality Management System (QMS) Manuals 55
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Help with Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Internal Audit Findings and Issuance Problem Internal Auditing 4
I Types of Internal Audit findings based on ISO 9001 Clause 8.2.2 Quality Manager and Management Related Issues 10
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
A How to Address Internal Quality Audit Findings Internal Auditing 8
B Critical Action Limits (CAL) for All Internal and External Audit Findings General Auditing Discussions 17
X ISO 9001:2008 Internal Audit - Classification of Audit Findings Internal Auditing 5
S External Auditor Findings when an Internal Audit found a Nonconformance Yesterday Document Control Systems, Procedures, Forms and Templates 11
L Categorizing Internal Audit Findings Internal Auditing 10
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
C Internal Audit Findings - Do I need to raise NC for amendments/revisions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
eternal_atlas Review on Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
eternal_atlas Internal Audit Findings in C&M works (HVAC, Firefighting, etc.) - Your Comments? General Auditing Discussions 6
R When and when not to write up minor internal audit findings? Internal Auditing 23
A Format for Reporting Internal Audit Findings General Auditing Discussions 17
J Nonconformance reports written only through internal audit findings? Nonconformance and Corrective Action 8
S How to Present Action Plans in Response to Internal Audit Findings? Preventive Action and Continuous Improvement 18
J Internal Audit Findings - Major vs. Minor Finding - Defining the differences Internal Auditing 14
Marc Internal Audit Findings and the Registrar Internal Auditing 5
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10

Similar threads

Top Bottom