Major Nonconformance Criteria

Crimpshrine13

Involved In Discussions
I am wondering if someone can provide opinions about our situation. My apology for the lengthy post.

We had the renewal audit for IATF 16949 a few weeks ago. We've been certified to IATF 16949 since 2018 and this is for the 3rd cycle. We've seen many different auditors in the past since 2001 at the time we had QS 9000, then transitioned to TS 16949, then IATF 16949, which each auditor was unique in good and bad way, some were good communicators, some had attitude issues, and some were helpful. The most recent auditor was very different in many way, and she would go word by word on the standard, and came with disrespectful attitude.

At the end of the audit, she gave us 11 major NCs, no minors at all. I understand there were some weaknesses in the system, but we never thought they were total breakdown of the system.

For example, one of the finding was on PFMEA not being reviewed during MPA. We forgot to add the review of PFMEA on MPA checklist. Did we have any quality complaints from customers in past 5 years that were triggered by the items on PFMEA? No (we only had 1 or customer complaints in 5 years).

But she made it as a major.

Rules of Achieving and Maintaining IATF Recognition (6th ed.) says (page 92):

Major nonconformity issued to a client
One (1) or more of the following:
- The absence or total breakdown of a quality management system to meet an IATF 16949 requirement. A number of minor nonconformities against one (1) requirement can represent a total breakdown of the system thus be considered a major nonconformity.
- A failure to comply with IATF 16949 that would result in the probable shipment of a nonconforming product (i.e., a condition that may result in the failure or materially reduce the usability of the products or services for their intended purpose).
- A failure to comply with IATF 16949 that, based on judgment and experience, is likely to result in either the failure of the quality management system or to materially reduce its ability to ensure controlled processes and products.

The NC she cited was:

Standard: IATF 16949:2016
Classification: Major
Standard clause: 9.2.2.3 Manufacturing process audit

Requirement
The organization shall audit all manufacturing processes over each three-year calendar period to determine their effectiveness and efficiency using customer-specific required approaches for process audits. Where not defined by the customer, the organization shall determine the approach to be used.

Within each individual audit plan, each manufacturing process shall be audited on all shifts where it occurs, including the appropriate sampling of the shift handover.

The manufacturing process audit shall include an audit of the effective implementation of the process risk analysis (such as PFMEA), control plan, and associated documents.

Statement of nonconformity
Compliance with the IATF requirement of "The manufacturing process audit shall include an audit of the effective implementation of the process risk analysis (such as PFMEA), control plan, and associated documents." cannot be established due to absence of the documented information. No evidence provided that process risk analysis (such as PFMEA) audit has been conducted.

Verified the organization's established documented information Planning and Implementing and Internal audit, section for manufacturing process audit states that the audit will include full layout inspection, walkthrough of the control plan. Audit of effective implementation of the process risk analysis (such as PFMEA) not captured in the documented information.

Verified actual records used during manufacturing process audit - Manufacturing Process Audit Checklist, audit of effective implementation of the process risk analysis (such as PFMEA) not captured in the checklist.

Justification for classification
The absence of a system to meet an IATF 16949 requirement.
Identified lapse is not a single observe lapse and considered a systemic issue as no evidence of compliance with the requirement of the standard to include an audit of the effective implementation of the process risk analysis (such as PFMEA)

There's 10 other NCs that she classified as major, but many we disagree. We thought if there were 11 major NCs, then our organization would not be functioning at all that we should be shutdown by now. One of them was was the internal and 2nd party auditor competency (she cited separately but basically the statement of NC was exactly the same - copy & paste). The weakness was the verification of the competency, but she said that old ISO 9000 or QS 9000 or TS 16949 certificates were "too old" and therefore these auditors were not competent and made it as a major NC. In the other thread I posted recently, someone called it "lazy auditor" and we agree because she didn't even looked at most of the training records.

We're currently 15th day after the audit (which I partially filled out CARA file and sent to the auditor anyway yesterday - none of them have complete evidence of the correction and in-depth root cause analysis - because doing in-depth root cause analysis and correcting all of them concurrently within 15 days is almost impossible - especially when it's a wordings issue or definition issues and classified as "major", and I am 100% certain that she will reject it, then we have only Tuesday and Wednesday to complete them as Thursday next week is the 20th day limit for the response to major NCs...having a Labor Day weekend is not super helpful either...).

I am not sure if appealing it now is an option with very limited time frame...we're kind of stuck with this audit findings when the auditor is so judgmental and not listening to what we have to say, and reading word to word but not seeing the overall picture of the context (nitpicking on each word was another issue we had and her justification was to get a copy of ISO 9000 Fundamentals and Vocabulary - which some of the words she mentioned was not even in it...). Another concern is that this audit was done by someone who is a veto power in the technical committee, so I'm curious to know if we appeal it, it'd be denied anyway.
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Leader
Admin
I agree with @Randy - what I read about the auditing PFMEA does not meet the definition of systemic. Time for a dispute.
1) Certainly there can be more than one occurrence without an issue being systemic.
2) Since manufacturing process audits had been sampled, there can be no claim that there was zero evidence of 9.2.2.3 being assessed, and in any case that is a sub-clause. I would need to see zero audits of any kind being done in order to call out a complete absence of that clause's coverage.
I hope that makes sense.

I would be disturbed if the 10 other major NCs were similarly off target. Certainly the CB needs to look at them all. While the audit report should go through an internal review, disputing it would force a review at higher levels and for a specific purpose.

Update: Unless your process calls it out specifically, there is no requirement for "updating" auditor training when a certificate like ISO 9001 or 16949 is revised. It's a good idea, but not specifically required. Taking an update class is not standalone evidence of competency anyway. And so this major NC is also not a major - in fact, as written I would question it as a nonconformity altogether.
 
Last edited:

Sidney Vianna

Post Responsibly
Leader
Admin
I am not sure if appealing it now is an option with very limited time frame...we're kind of stuck with this audit findings when the auditor is so judgmental and not listening to what we have to say,
If you do not stand up to being abused as an auditee, you will have only yourself to blame. Veto power over appeals? That’s caca de toro. There is always a higher power. If I were a registrant and I felt an out of control auditor was having an auditor-gone-wild episode, I would go ALL THE WAY to the CB top management and the IATF folks as well. Any type of power abuse has to be combated. These people have to be made accountable.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
I'm with @Sidney Vianna .

It's not useful to argue with the auditor about this sort of thing. Disputes need to be addressed within the CB, as per their internal procedures. You have the right as per accreditation rules. It is okay to claim your rights.

I am wondering what time frame you were given to respond. In my CB, majors need a response within 10 days.

In spite of it being 15 days, I would still ask for this review by the CB. It is important they have the chance to correct the auditor if they are going to do so. Having majors can put your certificate at risk at worst and force a revisit at least. If these are not really majors it is very important to not expose yourself to that needlessly.
 
Last edited:

Crimpshrine13

Involved In Discussions
1st appeal the Majors to the CB

2nd, is the auditor fulltime or contracted? Either way you're going to pay for a re-visit but a contractor can make more money

3rd and my personal opinion only.........How competent did the auditor appear

Thank you for your quick feedback - didn't expect any feedback this quickly since it's holiday weekend in the U.S....

Agreed to all of it... with regards to the auditor competency (this 3rd party auditor), it was in our opinion that she may be book-smart, but did not have practical hands-on knowledge of manufacturing process. Meanwhile, she also made incorrect statements in many things including MSA, so her insistence on us being not competent internal and 2nd party auditors, I'd like to say that she was not as competent either as the 3rd party auditor. She kept insisting that our customer rejected the PPAP because of the Gage R&R ndc number - which she wrote on the NC as well (I told her that was not the reason the PPAP was rejected but she would not listen). The ndc was approximately 16. She insisted our customer rejected because ndc was 1.41. Well, 1.41 is part of the calculation formula on the Gage R&R sheet, but not actual results...if she had known how it is being calculated, she should have known it that the results can never be 1.41 because it is part of the formula...:cautious:
 

Crimpshrine13

Involved In Discussions
I agree with @Randy - what I read about the auditing PFMEA does not meet the definition of systemic. Time for a dispute.
1) Certainly there can be more than one occurrence without an issue being systemic.
2) Since manufacturing process audits had been sampled, there can be no claim that there was zero evidence of 9.2.2.3 being assessed, and in any case that is a sub-clause. I would need to see zero audits of any kind being done in order to call out a complete absence of that clause's coverage.
I hope that makes sense.

I would be disturbed if the 10 other major NCs were similarly off target. Certainly the CB needs to look at them all. While the audit report should go through an internal review, disputing it would force a review at higher levels and for a specific purpose.

Update: Unless your process calls it out specifically, there is no requirement for "updating" auditor training when a certificate like ISO 9001 or 16949 is revised. It's a good idea, but not specifically required. Taking an update class is not standalone evidence of competency anyway. And so this major NC is also not a major - in fact, as written I would question it as a nonconformity altogether.
Thank you for your quick feedback.

This was exactly my thought as well on PFMEA. If it was any other auditors, they would have said that the MPA was done according to the defined schedule, however PFMEA was not reviewed, and considered as a minor because that was what was missing in the process. It was my opinion that auditors should also look at the overall risk of this incident, and if I was an auditor, I'd look at the customer complaints and if there was nothing that indicated the risks of the nonconforming products, it would be considered as minor (if it wasn't effectively corrected and repeated citation of the last audit, then it would be a major, but this was the first time finding).

With regards to the competency, there's no requirement to have the updated certificates as you mention, and I just don't know how this could be a breakdown of the system as well. I agree that there was a weakness in the verification of the competency maybe, but having the older certificates for prior standards automatically don't make us incompetent. If we were incompetent, how could we have been certified to IATF 16949 over the past years to begin with (two employees' certificates she looked at - both have been working here over 10 years and had gone through TS transition from QS and IATF transition from TS, and these are the primary employees involved in these transitions)? The auditor should have made it more simple that the verification process of the competency was unclear instead of listing all old certificates she reviewed as evidence and say that the competency to IATF 16949 internal/2nd party auditor could not be verified.

One of the NCs I accept it as a major. But the rest (10 of them) - I will discuss with my colleague on Tuesday again and proceed for an appeal.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
It sounds to me like it's time for not just a dispute, but a complaint as well. I would list your issues with this auditor's performance, but limit them to topics you can support with data in case you get asked for details.

While it's no use arguing with an auditor, it is okay to point out when and where they are confused in case they are inclined to reconsider. I have d
done so when I was audited while an internal auditor, and as a CB auditor I have given way when additional information was presented to me. That is why nonconformities are not truly "set" until the closing meeting. I wasn't there, but based on what you describe it seems clear your auditor was not so inclined.

All of this is what disputes are for. We auditors need to be corrected sometimes. And CBs are supposed to include resulting learnings in our annual training so the entire group can also have a chance to learn from this. Lots of clients are reluctant to dispute. Some think they may have repercussions brought on them by the CB. If that ever happens, you need a new CB. And if you complain, that particular auditor should not be reassigned to you. If they are, that's another reason to get a new CB. Bottom line is, you have the right to speak up.
 

Crimpshrine13

Involved In Discussions
If you do not stand up to being abused as an auditee, you will have only yourself to blame. Veto power over appeals? That’s caca de toro. There is always a higher power. If I were a registrant and I felt an out of control auditor was having an auditor-gone-wild episode, I would go ALL THE WAY to the CB top management and the IATF folks as well. Any type of power abuse has to be combated. These people have to be made accountable.
Thank you for your quick feedback.

Agreed. Initially we were thinking about appealing right after the audit, then we swayed and maybe not, but as I was going through these corrective actions, I still disagreed to majority of them being majors and couldn't stand after I submitted the incomplete 15-day response last night. I took Rules of Achieving and Maintaining IATF Recognition home with me late last night because I still couldn't understand tolerate why they had to be majors and if we need to shut up and do as being told. I felt this was more like bullying than anything else. I'm 100% certain that she came out to do this renewal audit because there was zero (0) findings in the last surveillance audit (auditor was too exhausted with the delayed flight and didn't get to the hotel until after midnight, and could not focus on the audit very much).

On Tuesday after Labor Day, I will start appeal process with CB, but I just wonder if IAOB should also be notified as there isn't much time left...

I've done an appeal process with previous CB a while back - at that time, CB didn't take immediate action and I took it to IAOB. This time there's only a few days left so I do not know how things would go but we will try our best.
 

Crimpshrine13

Involved In Discussions
I'm with @Sidney Vianna .

It's not useful to argue with the auditor about this sort of thing. Disputes need to be addressed within the CB, as per their internal procedures. You have the right as per accreditation rules. It is okay to claim your rights.

I am wondering what time frame you were given to respond. In my CB, majors need a response within 10 days.

In spite of it being 15 days, I would still ask for this review by the CB. It is important they have the chance to correct the auditor if they are going to do so. Having majors can put your certificate at risk at worst and force a revisit at least. If these are not really majors it is very important to not expose yourself to that needlessly.
It sounds to me like it's time for not just a dispute, but a complaint as well. I would list your issues with this auditor's performance, but limit them to topics you can support with data in case you get asked for details.

While it's no use arguing with an auditor, it is okay to point out when and where they are confused in case they are inclined to reconsider. I have d
done so when I was audited while an internal auditor, and as a CB auditor I have given way when additional information was presented to me. That is why nonconformities are not truly "set" until the closing meeting. I wasn't there, but based on what you describe it seems clear your auditor was not so inclined.

All of this is what disputes are for. We auditors need to be corrected sometimes. And CBs are supposed to include resulting learnings in our annual training so the entire group can also have a chance to learn from this. Lots of clients are reluctant to dispute. Some think they may have repercussions brought on them by the CB. If that ever happens, you need a new CB. And if you complain, that particular auditor should not be reassigned to you. If they are, that's another reason to get a new CB. Bottom line is, you have the right to speak up.
Thank you for your quick feedback and insight.

I will sit together with my colleague on Tuesday after Labor Day and proceed for the appeal process even if there's a time constraints. You are right, we have a right to appeal as an auditee. While many auditors we've seen in the past were more polite and willing to learn what we do (and many times it have been value-added experience), some wanted to push their opinions instead of going with the standard and not willing to listen (maybe temperament issue?). We had a very bad auditor one time and not only complained to the CB, but also appealed the NCs, yet the CB did not react quickly, so I had to go to IAOB to complain. This and the bad schedule management at the CB (high turnover at client services), we left that CB and switched to the current one in 2018. For the most part, we were very satisfied with the current CB until they dropped this bomb.

I guess whether the CB change is needed or not would be dependent on how this CB would react to our appeal and complaint. But meanwhile, we will go with the appeal process...we shouldn't have to go with what one auditor insists if it is not reasonably justified.
 
Top Bottom