Is there a difference between "Recommendation" and an "OFI" in Internal Audit?

SGquality

Quite Involved in Discussions
#11
Thanks for all your valuable suggestions ... after reading, I will have a common "Recommendation / OFI" and not seperate it !
 
Elsmar Forum Sponsor
Q

Quality Bryan

#12
Re: Is there a difference between "Recommendation" and an "OFI" in Internal Audit ?

Great question and something I've dealt with as well. We've gone from OFI to Recommendation but really it's just semantics. Either way as suggested above, anything outside of a nonconformity is conforming. We use recommendations under the description "that if allowed to continue (not corrected) could lead to a nonconformance".

Great forum.
 

somashekar

Staff member
Super Moderator
#13
Hello friends,

I wanted to know if there is a difference between "Recommendation" and an "OFI" ...

As per our system, we categorize audit findings into Major, minor and Recommendation but in line with other concepts, wanted to add in "Oppurtunities for Imprivement (OFI)" and I thought I would be able to differentiate both terms as follows -

Recommendation - any suggested improvement in the existing system

OFI - any suggested imporvements based on industry best practices or from benchmarking.

Would I be right in my approach ?
Hi SGquality.
Internal audit system is not to copy cat certification body audit system in its entirety.
Learn the auditing methodology and let alone the NC catagorization. The CB has to do it based on certain guidelines made for them.
For you internal audit finding is a chance to fix / correct / initiate corrective action based upon the depth of the finding. Just address each and every finding without spending valuable time in :argue: about finding categorization.
If your internal audit procedures says about such categorization, amend it soon.
Just have audit >> NC >> Fix / Correct / CA
 

TPMB4

Quite Involved in Discussions
#15
I'd have thought you only really need two categories, NC & OFI/Recommendation. Record anything that is wrong with your system/process is recorded as a NC, you don't need to record things that are right. OFI or recommendation is where the auditor has used their experience or outsider's viewpoint to see where there is a better way, something that makes the process or system element better performing. It could be an improvement that saves the company money/reduces the costs or makes the system more robust. If acted upon it improves things but if not acted upon there is still no NC caused.
Mind you, if the auditor sees something that is not a NC but believes will become a NC later on then they should act. Perhaps that too is an OFI or is it still a NC?
 
R

Reg Morrison

#16
you don't need to record things that are right.
I think that is one of the biggest mistakes in auditing: Not reporting positive findings. Many times, an auditor can observe a "best-practice" and, without reporting the noteworthy finding, chances are, the best-practice will not be shared with the rest of the organization.

Reporting marked improvements in performance and other positive observations help in sending a message that audits are not meant ONLY to find and report problems.

Confirming good achievements is also important and organizations should make sure audit reporting is fair and balanced, in a way also to engage senior management. Sometimes, reaffirming positive behaviors and results will make much more impact than limiting oneself to report only problems.
 

insect warfare

QA=Question Authority
Trusted Information Resource
#17
I'd have thought you only really need two categories, NC & OFI/Recommendation. Record anything that is wrong with your system/process is recorded as a NC, you don't need to record things that are right. OFI or recommendation is where the auditor has used their experience or outsider's viewpoint to see where there is a better way, something that makes the process or system element better performing. It could be an improvement that saves the company money/reduces the costs or makes the system more robust. If acted upon it improves things but if not acted upon there is still no NC caused.
Mind you, if the auditor sees something that is not a NC but believes will become a NC later on then they should act. Perhaps that too is an OFI or is it still a NC?
There are some internal auditors out there who assume that OFI's should only be written up for nonconforming situations. But even some conforming situations can use improvement, too. In reality, I have written up numerous OFI's for conforming situations where I happened to have sufficient knowledge of the situation to provide my expertise. Did the process owners have to follow my advice? No, but they did nonetheless, and they realized some small benefits.

Why are auditors encouraged to do this? (1)To enable process owners to rise above just doing the bare minimum, and (2) to provide a helping hand as a fellow member of the organization. Internal auditors should be objective when they are auditing, but when it comes down to recommending improvements, auditors must also realize that they are playing for the same team as their fellow co-workers - provide that "helping hand" and not act like they are on the outside of it looking in.

This is an essential hallmark of good auditing, IMHO.

Brian :rolleyes:
 
#18
I think that is one of the biggest mistakes in auditing: Not reporting positive findings. Many times, an auditor can observe a "best-practice" and, without reporting the noteworthy finding, chances are, the best-practice will not be shared with the rest of the organization.

Reporting marked improvements in performance and other positive observations help in sending a message that audits are not meant ONLY to find and report problems.

Confirming good achievements is also important and organizations should make sure audit reporting is fair and balanced, in a way also to engage senior management. Sometimes, reaffirming positive behaviors and results will make much more impact than limiting oneself to report only problems.
Agreed, Reg. However, you can't overlook the impact that doing 1 internal audit a year has. How would such an auditor know what's "best practice", anyway? These people are often chosen from another part of the organization and have little experience of the process they audit (in the name of independence) so what's the chance they have a clue about best practice? Someone from purchasing auditing a design engineer, for example?

Nice idea to report such a thing - often unlikely to happen, IMHO.
 
L

lukaslukas

#19
Hi,
I read some of the Internal Audit Findings threads and failed to find the system used in my company. What we use internally is:
NC - Nonconformity, we do not meet the requirement (I got rid of Major/Minor split; Majors do not happen in a mature organization with ISO9001 certified for 20 years)
OBS - Observation, there is a risk of nonconformity occurance and should be addressed
OFI - Opportunity For Improvement, there is no risk of NC but based on auditor's knowledge/experience a more efficient/effective/safe solution is proposed.
I have recently found wrong description of these in our QMS (confusing OBS and OFI) and would like to get an opinion on above before I make it official.
Does anyone see any weakness in this structure?
 

somashekar

Staff member
Super Moderator
#20
Hi,
I read some of the Internal Audit Findings threads and failed to find the system used in my company. What we use internally is:
NC - Nonconformity, we do not meet the requirement (I got rid of Major/Minor split; Majors do not happen in a mature organization with ISO9001 certified for 20 years)
OBS - Observation, there is a risk of nonconformity occurance and should be addressed
OFI - Opportunity For Improvement, there is no risk of NC but based on auditor's knowledge/experience a more efficient/effective/safe solution is proposed.
I have recently found wrong description of these in our QMS (confusing OBS and OFI) and would like to get an opinion on above before I make it official.
Does anyone see any weakness in this structure?
NC = NC and no questions about that, OK
OBS = NC
You are internal to the company and not consulating to let the decision be taken or ignored.
OFI = Output from the internal audit based on internal auditor knowledge and experience. See post #17 above.
These are inputs to measurement, analysis and improvement to continually improve the effectiveness of the QMS as required in 8.1 c) of the ISO9001
 
Thread starter Similar threads Forum Replies Date
W What is the difference between TYPE B and TYPE BF? IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
T The difference between ISO 14644-3:2005 and ISO 14644:2019 Other Medical Device Related Standards 2
Q Terminal Lugs sizes - Difference between 225/24 vs. 275/24 lugs Manufacturing and Related Processes 2
M Difference between "Production Trial Run" and "Run at Rate" IATF 16949 - Automotive Quality Systems Standard 8
D Difference between Test Method Validation and Gage R&R Qualification and Validation (including 21 CFR Part 11) 18
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
R What's the major difference between Green Belt and Black Belt in term of training and project Six Sigma 3
T Difference between a subcontractor and a supplier ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
H Difference between Stainless Steel 316 ASTM F899 and ASTM A276 Other Medical Device Related Standards 3
A Exact terms for a plating failure and difference between rejection rate and failure rate Manufacturing and Related Processes 9
M Difference between MSA and MSE? General Measurement Device and Calibration Topics 1
gramps What is the difference between discrete and continuous variables? Problem Solving, Root Cause Fault and Failure Analysis 3
JoCam Difference between Approval and Registration - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 2
S Difference between EU-MDR Annex IX and the Annex-combo X&XI EU Medical Device Regulations 4
T ISO 17025:2017 Clause 4.2.2 - The difference between "be notified" and "be informed" ISO 17025 related Discussions 4
Jimmy123 What is the difference between Error Proofing and Controls? ISO/IATF 16949 - Control Plans FMEA and Control Plans 16
C IEC 60601-1-8, difference between table 4 and annex D IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
A What is the difference between Basic UDI-DI and UDI-DI? EU Medical Device Regulations 6
Q What is the difference between AS9100D 9.3.2.f and 9.3.3.a AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
M Aluminum - What is the difference between 6061-T6 and 6061-T651 (both per ASTM B211)? Manufacturing and Related Processes 4
P What is the exact difference between Risk and Opportunity in context of ISO 27001? IEC 27001 - Information Security Management Systems (ISMS) 7
S Difference between Surface Finish (Ra) and Flatness (GD&T) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 6
O Air Flow - Which is the operational difference between LAF (vertical and horizontal) and RLAF? Manufacturing and Related Processes 2
S What the difference is between Stub Acme & Acme thread? Oil and Gas Industry Standards and Regulations 1
S DO 178B - What is the difference between review and verification? Federal Aviation Administration (FAA) Standards and Requirements 1
T The difference between SOP and Kaizen Standardization Lean in Manufacturing and Service Industries 2
K Difference between intended purpose and intended use of the device EU Medical Device Regulations 9
Q What is the difference between normal and licensed internal auditor? VDA Standards - Germany's Automotive Standards 9
J What is the difference between Process Variation and Tolerance? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
O Difference Between PFMEA & Control Plan FMEA and Control Plans 3
S Difference between an Advisory Notice (ISO 13485) and a Field Safety Notice? ISO 13485:2016 - Medical Device Quality Management Systems 3
T Difference between "data analysis" and "management review" ISO 13485:2016 - Medical Device Quality Management Systems 4
qualprod What is the difference between 7.4.1 (2008) and 8.4.1 (2015)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D Difference between uncertainty and expanded uncertainty of measurement General Measurement Device and Calibration Topics 1
S EASA Part 145 - The difference between non-certifying staff and Certifying staff Federal Aviation Administration (FAA) Standards and Requirements 2
S The difference between a Medical Device Accessory and Component Canada Medical Device Regulations 2
S What is the difference between a service request and a complaint? ISO 13485:2016 - Medical Device Quality Management Systems 2
I What is the difference between OOS/OOT Imported Legacy Blogs 3
A Definition Difference between Quality System Procedure and Standard Operating Procedure (SOP) Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
Q Difference between Monitor & Measurement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T QA vs. RA - The difference between QA and RA Coffee Break and Water Cooler Discussions 6
A Difference between Discrimination and Least Count IATF 16949 - Automotive Quality Systems Standard 2
K Difference between Medical Electrical Equipment and Medical Equipment System IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
M Usability Standard - The difference between IEC 60601-1-6 to IEC 62336 Human Factors and Ergonomics in Engineering 1
S What is the difference between Verification and Validation of Test Reports? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
A Difference between ISO 9001:2015 Clauses 8.1 and 8.5.1 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
M IATF 16949 Cl. 8.4.2.2 vs 8.6.5 - Is there any difference between these clauses? IATF 16949 - Automotive Quality Systems Standard 7
C What is the difference between "Overall Risk" and "Risk"? (ISO 14971) ISO 14971 - Medical Device Risk Management 10
C The difference between a Critical Dimension vs. Critical Characteristic Misc. Quality Assurance and Business Systems Related Topics 2
A ISO 9001:2015 - The difference between 6.1.1b and 6.1.1d - IMHO, d) implies b) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1

Similar threads

Top Bottom