Non Conformance for Adding to Control Plan

Howard Atkins

Forum Administrator
Non Conformity!!!!!!

I just had a survellance audit and the auditor tried to give me a non conformance because I had added to the control plan as a result of corrective actions. I told him that I can add what I like to the control plan with out permission. In the end he accepted this.
Just shows .!!


Fully vaccinated are you?
I've been thru plenty of audits - doesn't surprise me one bit. It has been one of my complaints for a number of years.

Kevin Mader

One of THE Original Covers!
We are all human I guess, even Registrars. I have had a few issues myself, but so far I have been able to work through the issues. My advice to those who have or haven't been through it: be nice, explain your position well. If that does not work, differ the issue to the next level for consideration. If that doesn't work, satisfy any Corrective Actions request, don't invite that auditor back, and consider searching for a new Registrar. It's your money.


Fully vaccinated are you?

I disagree with interpretations being a matter of all of us 'being human'. It is an issue of experience and understanding mixed with intent. I have worked with many standards over the years. I cut my teeth on military specifications. I got my first job in quality because I told the company I understood them (MIL SPEC). I studied the appropriate ones for the product as required by contracts. I often had to explain how the company I worked for 'meets the intent' of a spec. I got into ISO as I thought it was comparatively easy - and it is.

We come down to interpretations. And with QS came rediculousness (spelling?). But then, QS is a customer requirement and ISO is an international specification, if you will.

Anyway, I approach every client from the First meeting with a diatribe which approximates the following:

"I cannot do this for you. QS9000 and ISO900x are, as a group, requirements in so far as registration is concerned. I have to transfer my knowledge to someone. And - when that person is ready, that person will understand the requirements and the intent of the details of the requirements with respect to their business and company systems."

"Auditors are often problematic in part because there has been a rush by marginally qualified people to and thru the Lead Auditor Certification Process."

I had one auditor who was a college professor who smelled money. When it came to interpretations, he was often a wash. Yes - I know the 'time in business' aspect but even that does not ensure consistent interpretations.

I do admit the college professor would listen to reason and we often 'worked through it' to a convergent point as you say.

"You will have to be ready to fight with the auditor over points of contention. Auditors are often simply not right in their interpretation. In my very first ISO9001 audit, within 30 minutes of the start of the audit we were given our first 'minor'. The auditor said it was not easy for him to tell the differences between the current quality manual and the last version. I had written a documentation database for the company. All revisions were detailed except for that one. We had taken the old quality manual and completely revised it - like major, major revision. In the database field where we listed the changes, we simply put a statement which said "Due to the dramatic and extensive changes, the changes are not listed here. Please compare the two manuals if you need to tell differences." We did this because it didn't make much sense to list 100 pages of changes (which is what it would have taken if each specific change had been listed and addressed). I asked the auditor where in ISO9001 it said it has to be easy for him to tell the differences. He hemmed and hawed and thumbed the spec and finally said "It's implied". Well, now, bull REDACTED. He never did buy off on it - we kept that minor. I can say, however, the rest of the audit went quite well. I think I cowed the guy. Attacked him right off the bat with a Show Me Where.... But then - we were all ready to explain how we complied. We were ready!

The point is you have to understand the spec and the intent and be ready to explain and argue your position or auditors will end up running right over you and you'll end up doing things to your systems 'because the auditor said so'. Choose your battles well, but there are times when battle is neccessary.

It's not 'human nature' - it's a matter of interpretation, understanding of intent, and being Ready To Explain! Don't get me wrong - I have run into a lot of very qualified auditors. None the less, one must be ready.

I tell clients: I'm little more than a piano teacher. I can teach you how to play faster than you can learn yourself. I can teach you how to read music. I can teach you what the conventions are. I can teach you how to play the game. BUT - when the concert starts my fingers cannot be on the piano keys. You must play your own concert. And you have to be ready for it. I can't do it for you.

Every client I have had has been 'first audit' successful. And they know their stuff - they are READY! Much like Formal Logic and Debate in college, this is a game any company can win.

Nor do I mean to detract from the 'goodness' of ISO9001 (or many aspects of QS9000). I believe there is 'goodness' in them both. This is to say, for example, a defined, substantial, 'robust' design process is 'goodness' just as well designed and executed Nonconformance and Corrective Action systems have 'goodness'. They are beneficial and important systems to any business.

OK - now rip me up!

Don Winton

Good show, Howard.


Rip you up - I cannot. You made all points very well. I also grew up with MIL standards. Interpretation is not a problem with GSA auditors, IT IS A WAY OF LIFE! During my experience, the GSA ( o )’s did not even want to see the standard. They had their minds made up and did not want to hear your side. But that is another story.

I agree that with QS came ridiculousness (sp) which is part of the reason I try to shy away from QS issues. But, then again, to this point that has not been a problem for me. My company is going for ISO with the FDA’s QSR. But interpretation is going to be an issue with the FDA inspectors anyway, so I draw on my MIL experience. I found that out during my ISO preassessment. My auditor was a former FDA inspector with EU qualifications. She kept wanting my system to comply her interpretation of the QSR (This was an ISO preassessment), which I successfully defended as not being required. I will deal with the FDA during an FDA assessment. In short: If you need it, have it. If you do not need it, do not have it, but be ready to explain WHY you do not and how you meet the intent of the standard.

Your handling of the auditor during the first assessment you mention struck a nerve. Not with what happened, but it appears from your account that this assessor’s attitude may be typical of some (not all). They come into YOUR facility to examine YOUR system, but set themselves up as the experts. Your ‘Show Me Where’ should have been enough to drop the noncompliance, but it would seem he did not want to admit an error in front of what he now perceives as a peer. Once you demonstrated your knowledge and experience, he appears to have backed off somewhat. Perhaps my interpretation is not accurate.

One last item: “The point is you have to understand the spec and the intent and be ready to explain and argue your position or auditors will end up running right over you and you'll end up doing things to your systems 'because the auditor said so'. Choose your battles well, but there are times when battle is necessary.” On this item and others when dealing with interpretation, I draw from Sun-Tzu:

“One Who Knows When He Can Fight, and When He Cannot Fight, Will Be Victorious.”
“One Who Recognizes How to Employ Large and Small Numbers Will Be Victorious.”
“One Whose Upper and Lower Ranks Have the Same Desires Will Be Victorious.”
“One Who, Fully Prepared, Awaits the Unprepared Will Be Victorious.”
“One Whose General Is Capable and Not Interfered With by the Ruler Will Be Victorious.”


Kevin Mader

One of THE Original Covers!

Perhaps I did stretch the definition of a human being a bit to far. Good points on the qualifications of an auditor, I can't rip you there (or anywhere really). I agree that with the explosion of ISO900x, Registrars bent the guidelines for hiring auditors too much. You also make an excellent point that by defending your contentions you may cause the auditor to do some silent reconsideration (even if it is not at the point at hand but rather future points of consideration). I think a good auditor wouldn't be discouraged enough not to probe, but one that does not have the understanding and confidence probably would. I guess the advice I gave is based on the fact he has the power, right or wrong, to sway the outcome (honey vs. vinegar, an NFL referee).

You raised an interesting question (at least to me) about QS9000 and the registrar. All of us have read a lot about the qualifying of QS auditors. The question I have for you (and anyone wanting to contribute) is how have these auditors faired in comparison with the ISO auditors you have encountered? Better or worse? Knowledgeable or Not? How about their interpretations on the "should" items as there is room for interpretation and implementation? Of course these questions can be answered some better, some worse. What I wanted to see was more in line with the actual experiences and solutions. Perhaps this should have been raised as a new topic, I will leave that at your discretion.


Fully vaccinated are you?

The auditor we had at the first audit who 'it was not easy for...' was a retired GM person (this was an ISO audit, remember, not QS, and it was 6/94 as I remember). He was a nice guy but his expectations were off the wall.

Now - I think there are good auditors - I do not mean to condemn them all.

I see each auditor as a person with a specialty that they are good at. During my time with Motorola we learned several things early:

1. You have to have a single responsible auditor who attends *EVERY* audit (project manager, if you will). That person becomes the 'expert' on your company for the registrar. If the audit is a Singapore facility, s/he is there. If the next one in in Scotland, s/he is there. Before we did this the interpretations issues were really an impossibility to deal with. Again, that single individual *HAD* to be the Lead Assessor at every audit at every facility - NO Exceptions!!!!!!

2. Team composition may change but we reserved the right to (and for the most part did) 'interview' each prospective auditor with rejection power and with the input of where that auditor should be checking. (For example, one person we 'interviewed' was terrible on calibration. I mean that person was BAD. We asked that that person NOT be involved in review of any part of the calibration system(s)). We found each auditor had strengths and weaknesses and wanted to ensure we had people familiar with fabs auditing fabs, etc. A few auditors did not work out, almost all did, however.

That implementation effort taught me a lot about auditors and what happens with interpretations. Understand that many of the systems were 'master Motorola systems' and thus at each facility they were identical. One auditor would agree to compliance of a specific system while another auditor at another facility 'saw things differently' with regard to compliance of that same system. Obviously a nightmare can erupt.

We also, by the way, had an 'interpretations list' where we posed questions to LRQA (Motorola's registrar) about monthly. I must admit most of their responses, however, were so vague I was, well, I'll just say I was 'seriously disappointed'.

Kevin, you comment about the 'should' - heck - look around the site at some of my ramblings. I believe a couple of years ago I had a line which read something like "Coming Soon! QS9000 as a foreign language!" wherein I lambasted them for using the word SHOULD where SHALL was the word they should have used with regard to their expectations. This also illustrates something else I tell (and try to drill into) my clients - 'Every Word has a meaning (taken in context). Every word is important'. This is part of my 'You better understand the intent and be ready to explain' diatribe which I throw at my clients at least 5 times every time I visit. You can't understand the intent unless you have read it and pondered every word (my opinion - no kidding).

I also admit that a big part of the problem also comes from companies which do not put a person in charge of the program who has the background to do this or the company fails to recognize that there is time involved in doing all this.

As a last comment, the idea is not to stiffle an auditor. Hey - let them look and probe. I believe if you're compliant that is a non-issue.

The bottom line is we are experiencing (and are involved in) an evolution at a time when things like this (business systems) evolve at a quite rapid rate unlike anything the world has ever known. The faster the rate of evolution, the higher probability of failure (my opinion - I don't have evidence). Our defense in this 'game' is knowledge and readiness (understand and be ready to explain).

I have not noticed a big difference between QS and ISO auditors. QS just has a lot more vagaries than are apparent at first blush leading to more confusion and interpretation issues. Hell, look back at the QS "Fax in your questions and we'll (maybe) address it in an interpretations document which will eventually exceed the size of the document (qs9000) its self" stupidity. ISO has much more reason in it and vagaries (including SHOULD statements) make much more sense (remember, ISO9001 is an International Spec while QS9000 is strictly a Customer Requirement).

To finish up - folks, I set this site up specificaly because of the this issue of interpretations. I even called it (and still do) an information forum. From the main page:

The Cove is Your Beacon for Direction Thru
The ISO900 - QS9000 Fog and 'Intent' Blurrr-r-r...
Do You... Understand the Intent?
Are You... Ready to (Can You) Explain?
Site Mission Statement:
To serve as an ISO9000 / ISO14000 and QS9000
Information Exchange and Co-Operative

I used the words "Fog and 'Intent' Blurrr-r-r..." for a very specific reason - Interpretation Confusion.

So - we're off to fight some more good fights!


Who's next???

[This message has been edited by Marc Smith (edited 12-28-98).]

Kevin Mader

One of THE Original Covers!

I shall not use "should" again * 100. I vaguely remember a back-and-forth discussion you posted at your old site to that point (also remember other postings between you and the award winning Plexus, another bad word).

Thanks for the feedback on ISO vs. QS auditors. I suspected as much but had heard that they are generally "very" literal and often opinionated (QS auditors that is) in their interpretations. I see this as a potential problem as an organization may find itself in the position of trying to meet a registrar's opinion rather than satisfying the intent of the standard (and requirements) as it suits an organization. To your point, being compliant should eliviate any debate. Still, we will fight the good fight when we must.


Top Bottom