Internal Audit Findings - Major vs. Minor Finding - Defining the differences

K
#11
Major/minor

I noticed in a few posts reference to requiring "Major" NC's to be "corrected" in a shorter time frame than "Minors". To me a "Major" (i.e. system breakdown) requires more effort/corrective action than a "Minor". I do require a plan for correction quickly, but have found in the past requiring corrective action to quickly gets me either a Curad or Johnson & Johnson bandaid.

Only my 2 cents
 
Elsmar Forum Sponsor

SteelMaiden

Super Moderator
Super Moderator
#12
Re: Major/minor

Originally posted by KenS
I noticed in a few posts reference to requiring "Major" NC's to be "corrected" in a shorter time frame than "Minors".
Only my 2 cents
I think you have the right idea Ken. I was going to say something similar. Our N/C's are typically just reported as pass/fail. The auditors have the authority to write them up in such a way as to quantify them i.e. they might write up the N/C saying "ten of the twelve examples" or that the problem appears to be systemic, or it appears to be isolated. We use the same time frame for all investigations. The key word here is investigations. You have one week to perform the investigation, which includes identifying the root cause. We can make adjustments to that due date if the department can show the need and it has to be outlined as to what their plan of attack is to find the root cause.

When the root cause is determined, a plan of corrective actions to be taken must be established. (dependent of course on the effects/severity/yada yada) The auditors will review those corrective actions, assist in evaluating whether or not the proposed due dates are within reason and a final implementation date for the corrective actions are set. Follow-up audits are set using the implementation date plus a reasonable amount of time to accumulate objective evidence that the actions taken were effective and satisfactory.

We get some actions that are performed even as the audit report is being distributed, and then there are some that take months. It all depends.

I realize that this is getting long, but stick with me here....It is my belief that there are a lot of people out there who confuse a the root cause analysis with corrective actions. I recently discovered that a large percentage of the technical people on our staff did not understand the difference. I asked in one of our meetings why we did not have any investigations on some customer issues (some of those things that happen in a startup that you discover and fix on the fly so actions were not appropriate anymore.) Out of the eight people in the room, five looked at me and said, "We don't have to investigate every issue, it says right in our manual that we can choose not to make changes if the problem isn't worth worrying about." Every one of the people in that room had been in this industry over 10 years. Every one of them had come from an ISO certified plant, and six out of the eight had come from a sister division.

I know that everyone in the division I came from knew the difference between root cause analysis and corrective actions. Why are so many systems lacking what should be basic knowledge of corrective and preventive actions?

OK, I'm stepping down from the soapbox. But if anyone cares to share their opinions on this, I'd sure like to hear them.
 
R

Randy Stewart

#13
The same corrective action process is in place for all failures. Same time frame and associated department responsibility.
I agree with you on that. If you maintain 2 separate 'standards' for the different categories you will find that more minors are found and the Majors are missed - no one wants to spend the time!!!

Why are so many systems lacking what should be basic knowledge of corrective and preventive actions?
This is a real problem and one I have seen also. Too often people look at the interim and think they're done! The other "biggy" is not following up to verify the effectivity of the permanent corrective action.

One of the things I strive for, during our internal audits, is being a coach. As Lead and Management Rep it is my job to ensure our system is compliant and works for us. It has paid off in a lot of ways, I get to teach the purpose and the "Spirit" of the standard, the shop personnel know I'm listening to them and their ideas first hand and they know I'll be there with them when the external gestopo comes along. It has helped me understand the difficulties they have on the floor, I get hands on experience for process improvement, etc. etc..

As some smart individual once said "ISO and QS Standards do not prohibit the use of reason".
 

gpainter

Quite Involved in Discussions
#14
In my old company we classified Major/Minor. Minor required no CAR other than correction. Major required formal CAR. Both require a follow-up.
 
#15
Nonconformance ranking for Internal Audits

At square #1: The internal audit function should be that which is defined in the procedures of the organization. The use of terms "major," "minor," "critical" or whatever the company may decide is appropriate for them is what counts--and is their decision.
If the company should use the terms "major" and "minor," it is their call to define them. It is not required nor specified how they be defined. Only for the sake of convenience, the company may wish to query their registrar to align the meanings between the two organizations for expediency--but again, this is but one approach.
Registrars use the definitions contained in the ISO/IEC Guide 62 and the International Accreditation Forum Application Guidance to Clauses of ISO/IEC Guide 62:1996 (available for free at www.iaf.nu.) The expanded definitions in the Guidance document contain "nonconformity," and is defined as follows: "The absence of, or failure to implement and maintain, one or more quality management system requirements, or a situation which would, on the basis of available objective evidence, raise significant doubt as to the quality of what the organization is supplying." IMHO, a nonconformity fitting this definition would be classified as a major nonconformance because in para G.3.5.3 of the guidance document, the registrar shall not grant certification until all nonconformities as defined in (the definitions) have been corrected, and the corrective action verified by the registrar (by site visit or other appropriate means.) It serves the registrar and the client to allow those nonconformities not rising to the definition above ("minor") to allow certification to go forward.
Hope this helps!
 
Thread starter Similar threads Forum Replies Date
A Internal Audit - Findings - Recent Internet Audit (Prior to Certification) IEC 27001 - Information Security Management Systems (ISMS) 7
dubrizo Are you documenting Internal Audit findings as NCRs? Internal Auditing 18
dubrizo Audit Findings: Writing against Internal an ISO Clause Internal Auditing 10
M Do all findings (nonconformities) in an internal audit require a corrective action? Quality Management System (QMS) Manuals 55
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Help with Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Internal Audit Findings and Issuance Problem Internal Auditing 4
I Types of Internal Audit findings based on ISO 9001 Clause 8.2.2 Quality Manager and Management Related Issues 10
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
A How to Address Internal Quality Audit Findings Internal Auditing 8
B Critical Action Limits (CAL) for All Internal and External Audit Findings General Auditing Discussions 17
X ISO 9001:2008 Internal Audit - Classification of Audit Findings Internal Auditing 5
S External Auditor Findings when an Internal Audit found a Nonconformance Yesterday Document Control Systems, Procedures, Forms and Templates 11
L Categorizing Internal Audit Findings Internal Auditing 10
Michael Malis For Internal Audit findings, would you open a CAPA for every observation? Internal Auditing 31
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
C Internal Audit Findings - Do I need to raise NC for amendments/revisions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
eternal_atlas Review on Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
eternal_atlas Internal Audit Findings in C&M works (HVAC, Firefighting, etc.) - Your Comments? General Auditing Discussions 6
R When and when not to write up minor internal audit findings? Internal Auditing 23
A Format for Reporting Internal Audit Findings General Auditing Discussions 17
J Nonconformance reports written only through internal audit findings? Nonconformance and Corrective Action 8
S How to Present Action Plans in Response to Internal Audit Findings? Preventive Action and Continuous Improvement 18
Marc Internal Audit Findings and the Registrar Internal Auditing 5
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10

Similar threads

Top Bottom