Is it ok or risky for an auditor to recommend corrective action?

P

Polly Pure Bread

Is it advisable to add a line or two drawing out points or recommend corrective actions to take subsequent to audit findings statement? I feel that there will be a risk of ineffective action and untimely action taken or even non-action issues if the solution will come from the auditor.

I’d appreciate your thoughts on this.
 

howste

Thaumaturge
Trusted Information Resource
I agree, it's not usually a good idea. Of course if you did want to make a recommendation, you could always recommend that they do a cause analysis and eliminate the cause... :notme:

As an internal auditor I'd have more lattitude than an external auditor. As far as suggestions go, I wouldn't give anything in writing. I might verbally give some ideas, but I'd also make sure that they realize that they own the corrective action, and are responsible for ensuring that whatever they do is effective.
 
A

arios

but I'd also make sure that they realize that they own the corrective action, and are responsible for ensuring that whatever they do is effective.

I like this approach as proposed by Howste. There is always a chance that the auditee may say "you said it..." or "the former auditor asked us to do so", however if we carefully ask them to improve on this or that area without giving specific advice then we also help them to grow
 
T

Tony C

I agree, it's not usually a good idea.
As an internal auditor I'd have more lattitude than an external auditor.
:agree1:

I would encourage knowledgeable internal auditors to suggest solutions to non-conformances. After all they do not have to be followed but at least be considered.

For External Auditing it is difficult to recommend corrective actions but "off the record" recommendations are sometimes given or suggestions made under observations.

Regards,

Tony
 

dsheaffe

Involved In Discussions
I totally agree with Tony. "Knowledgeable" internal auditors should provide suggestions - I would think that they are more likely to look outside the box when considering how non-conformances could be addressed and they are also likely to have a better understanding of how they may impact on other areas of the business. (And I stress knowledgeable and suggestions).

From an external auditors perspective (and speaking from experience), when I was asked for suggestions I was very careful to emphasise that they werent recommendations, but merely food for thought - and their individual curcumstances needed to be considered. In some cases, I wouldn't provide any suggestions, as I knew that they were just going to implement whatever I suggested without any real thought - then blame me when it didn't work.

As a final point, I now have to deal with 2 different external auditors. One is happy to offer suggestions on how he has seen different organisations approach the same ISO 9001 requirements - and the other just responds "You are not paying me as a consultant". You can guess which one I feel provides the better value-added service.

Cheers,

Dave
 
T

tyker

A good auditor should be good at asking questions and, after finding a non-conformity, should have no problem asking pertinent, helpful questions.
These could lead the auditee through a 5why or similar thus initiating a solution without making suggestions or taking over ownership of the corrective action.
 
A good auditor should be good at asking questions and, after finding a non-conformity, should have no problem asking pertinent, helpful questions.
Exactly. :agree1:

I generally avoid even suggestions due to the fact that the auditee usually possess more detailed knowledge about the process than I do. I am, however, quite happy to have an off the record discussion about possible actions.

Yes, I know: Semantics... :notme:

/Claes
 

jkuil

Quite Involved in Discussions
From the ISO 9001 Auditing Practices Group Guidance on: How to add value during the audit process:

While the third party certification auditor cannot provide recommendations on how to meet the requirements of ISO 9001:2000, it is acceptable and indeed good practice to encourage and stimulate (but not require!) the organization to go beyond the requirements of the standard. The questions the auditor asks (and the way he or she asks those questions) can provide valuable insights for the organization into how the QMS could become more efficient and useful. Identification of “Opportunities for Improvement” by the auditor should include ways in which the effectiveness of the QMS might be enhanced, but could also address opportunities for improved efficiency.

Secondly from the ISO 9001 Auditing Practices Group Guidance on: Documenting a Nonconformity

The final (and most important) part of documenting a nonconformity is the writing of a statement of nonconformity. The statement of nonconformity drives the cause analysis, correction and corrective action by the organization, so it needs to be precise.

Subsequently this document provides guidance on the handling of the non-conformity and the included example of the NCR includes a review and approval of the corrrective action plan.

So, there are three phases in which the auditor can provide support to the auditee to do the right things, without suggesting specific corrective actions. Corrective action plans require thoughrough root cause and risk analysis and with proposing actions, you might cause the auditee not to perform the analysis. The auditee has to provide the analysis results to justify the proposed corrective action plan. If the arguments are sound, the action plan is adequate, even when it deviates from your original thoughts.
 
V

vanputten

For internal audits, in a healthy environment, it might be okay to recommend corrective actions. But it can be risky to sugget corretive actions because one can easily be sucked into doing the corrective action too. If you suggest a solution, you run the risk of owning and implementing the corrective action.
 
D

db

I am much less likely to offer recommendation to CA as I am to PA. The main risk to recommending actions is that the auditor now "owns" the action. Should the activity not perform the action correctly, or if it does not have the desired result, then the auditor will get the blame.

There are time, however, when the activity does not understand the requirements. Then, I make sure they understand exactly why the situation is nonconforming.
 
Top Bottom