I think there's an assumption here about the company which there isn't data to support. In smaller organisations, there's no HR
Department as such. Given there's only a single person in that role, it seems possible they're in that situation. We should remember that 9001 is for all sizes of organisation, not just bigger ones.
And I'm not sure I'd agree the company hasn't assessed 'potential nonconformities' - I'd see this as more akin to perhaps a lack of risk management more than failure to assess potential NCFs.