Crimpshrine13
Involved In Discussions
I am wondering if someone can provide opinions about our situation. My apology for the lengthy post.
We had the renewal audit for IATF 16949 a few weeks ago. We've been certified to IATF 16949 since 2018 and this is for the 3rd cycle. We've seen many different auditors in the past since 2001 at the time we had QS 9000, then transitioned to TS 16949, then IATF 16949, which each auditor was unique in good and bad way, some were good communicators, some had attitude issues, and some were helpful. The most recent auditor was very different in many way, and she would go word by word on the standard, and came with disrespectful attitude.
At the end of the audit, she gave us 11 major NCs, no minors at all. I understand there were some weaknesses in the system, but we never thought they were total breakdown of the system.
For example, one of the finding was on PFMEA not being reviewed during MPA. We forgot to add the review of PFMEA on MPA checklist. Did we have any quality complaints from customers in past 5 years that were triggered by the items on PFMEA? No (we only had 1 or customer complaints in 5 years).
But she made it as a major.
Rules of Achieving and Maintaining IATF Recognition (6th ed.) says (page 92):
The NC she cited was:
There's 10 other NCs that she classified as major, but many we disagree. We thought if there were 11 major NCs, then our organization would not be functioning at all that we should be shutdown by now. One of them was was the internal and 2nd party auditor competency (she cited separately but basically the statement of NC was exactly the same - copy & paste). The weakness was the verification of the competency, but she said that old ISO 9000 or QS 9000 or TS 16949 certificates were "too old" and therefore these auditors were not competent and made it as a major NC. In the other thread I posted recently, someone called it "lazy auditor" and we agree because she didn't even looked at most of the training records.
We're currently 15th day after the audit (which I partially filled out CARA file and sent to the auditor anyway yesterday - none of them have complete evidence of the correction and in-depth root cause analysis - because doing in-depth root cause analysis and correcting all of them concurrently within 15 days is almost impossible - especially when it's a wordings issue or definition issues and classified as "major", and I am 100% certain that she will reject it, then we have only Tuesday and Wednesday to complete them as Thursday next week is the 20th day limit for the response to major NCs...having a Labor Day weekend is not super helpful either...).
I am not sure if appealing it now is an option with very limited time frame...we're kind of stuck with this audit findings when the auditor is so judgmental and not listening to what we have to say, and reading word to word but not seeing the overall picture of the context (nitpicking on each word was another issue we had and her justification was to get a copy of ISO 9000 Fundamentals and Vocabulary - which some of the words she mentioned was not even in it...). Another concern is that this audit was done by someone who is a veto power in the technical committee, so I'm curious to know if we appeal it, it'd be denied anyway.
We had the renewal audit for IATF 16949 a few weeks ago. We've been certified to IATF 16949 since 2018 and this is for the 3rd cycle. We've seen many different auditors in the past since 2001 at the time we had QS 9000, then transitioned to TS 16949, then IATF 16949, which each auditor was unique in good and bad way, some were good communicators, some had attitude issues, and some were helpful. The most recent auditor was very different in many way, and she would go word by word on the standard, and came with disrespectful attitude.
At the end of the audit, she gave us 11 major NCs, no minors at all. I understand there were some weaknesses in the system, but we never thought they were total breakdown of the system.
For example, one of the finding was on PFMEA not being reviewed during MPA. We forgot to add the review of PFMEA on MPA checklist. Did we have any quality complaints from customers in past 5 years that were triggered by the items on PFMEA? No (we only had 1 or customer complaints in 5 years).
But she made it as a major.
Rules of Achieving and Maintaining IATF Recognition (6th ed.) says (page 92):
Major nonconformity issued to a client
One (1) or more of the following:
- The absence or total breakdown of a quality management system to meet an IATF 16949 requirement. A number of minor nonconformities against one (1) requirement can represent a total breakdown of the system thus be considered a major nonconformity.
- A failure to comply with IATF 16949 that would result in the probable shipment of a nonconforming product (i.e., a condition that may result in the failure or materially reduce the usability of the products or services for their intended purpose).
- A failure to comply with IATF 16949 that, based on judgment and experience, is likely to result in either the failure of the quality management system or to materially reduce its ability to ensure controlled processes and products.
The NC she cited was:
Standard: IATF 16949:2016
Classification: Major
Standard clause: 9.2.2.3 Manufacturing process audit
Requirement
The organization shall audit all manufacturing processes over each three-year calendar period to determine their effectiveness and efficiency using customer-specific required approaches for process audits. Where not defined by the customer, the organization shall determine the approach to be used.
Within each individual audit plan, each manufacturing process shall be audited on all shifts where it occurs, including the appropriate sampling of the shift handover.
The manufacturing process audit shall include an audit of the effective implementation of the process risk analysis (such as PFMEA), control plan, and associated documents.
Statement of nonconformity
Compliance with the IATF requirement of "The manufacturing process audit shall include an audit of the effective implementation of the process risk analysis (such as PFMEA), control plan, and associated documents." cannot be established due to absence of the documented information. No evidence provided that process risk analysis (such as PFMEA) audit has been conducted.
Verified the organization's established documented information Planning and Implementing and Internal audit, section for manufacturing process audit states that the audit will include full layout inspection, walkthrough of the control plan. Audit of effective implementation of the process risk analysis (such as PFMEA) not captured in the documented information.
Verified actual records used during manufacturing process audit - Manufacturing Process Audit Checklist, audit of effective implementation of the process risk analysis (such as PFMEA) not captured in the checklist.
Justification for classification
The absence of a system to meet an IATF 16949 requirement.
Identified lapse is not a single observe lapse and considered a systemic issue as no evidence of compliance with the requirement of the standard to include an audit of the effective implementation of the process risk analysis (such as PFMEA)
There's 10 other NCs that she classified as major, but many we disagree. We thought if there were 11 major NCs, then our organization would not be functioning at all that we should be shutdown by now. One of them was was the internal and 2nd party auditor competency (she cited separately but basically the statement of NC was exactly the same - copy & paste). The weakness was the verification of the competency, but she said that old ISO 9000 or QS 9000 or TS 16949 certificates were "too old" and therefore these auditors were not competent and made it as a major NC. In the other thread I posted recently, someone called it "lazy auditor" and we agree because she didn't even looked at most of the training records.
We're currently 15th day after the audit (which I partially filled out CARA file and sent to the auditor anyway yesterday - none of them have complete evidence of the correction and in-depth root cause analysis - because doing in-depth root cause analysis and correcting all of them concurrently within 15 days is almost impossible - especially when it's a wordings issue or definition issues and classified as "major", and I am 100% certain that she will reject it, then we have only Tuesday and Wednesday to complete them as Thursday next week is the 20th day limit for the response to major NCs...having a Labor Day weekend is not super helpful either...).
I am not sure if appealing it now is an option with very limited time frame...we're kind of stuck with this audit findings when the auditor is so judgmental and not listening to what we have to say, and reading word to word but not seeing the overall picture of the context (nitpicking on each word was another issue we had and her justification was to get a copy of ISO 9000 Fundamentals and Vocabulary - which some of the words she mentioned was not even in it...). Another concern is that this audit was done by someone who is a veto power in the technical committee, so I'm curious to know if we appeal it, it'd be denied anyway.