Non-Conformance vs OFI -- your best descriptions

[Mike S.]

If an OFI is not acted on, it's not acted on. It's not mandatory. Maybe there are higher priorities the process owner is dealing with. Maybe they disagree. Maybe they have a better idea and that's in the works. But that (the ones not implemented) doesn't stop me from making a recommendation via an OFI. The company benefits in the end.

And an auditor writing an OFI doesn't mean anyone is negligent.

Jeez - this seems like a simple concept with potential to help a company get more value out of the internal audit process and it seems like a lot of people wanna throw rocks at it. I don't get it.

 

[John Broomfield]

No disrespect meant, but that is a ludicrous proposition. At least, in the context of the traditional management system audits that we are normally used to. To infer that auditors, who spend a couple of days per year at an organization, and due to the commoditization trend, are forced to work more, for less, driving some of the real talent out of the auditing pool, are now supposed to delve on why their perceived OFI's were not identified and acted upon, before s/he observed them, is crazy.

That is totally outside of the scope of the traditional management system auditing protocol. Can you imagine when an auditor is assessing the control of nonconforming products and start wondering and asking questions why did the organization allow all of those defective products to be produced? Auditors are not there to replace the organization leadership and I am ALWAYS skeptical of auditors who brag about being able to find CLEAR OFI's that will save the organization tons of money. If that were the case, they should quit being a management system auditor and become a high-paid consultant.

So, it appears that the answer is insufficient time to investigate the effectiveness of preventive action. Issue an OFI instead. Has the commodification of audit caused this?

 

[Sidney Vianna]

John, if you were to expect an auditor to question why an organization did not identify and act upon an OFI the auditor just "discovered", you should also expect the auditor to have the same line of questioning as to why the organization did not prevent the nonconformities s/he wrote them up for.

It is like a soccer football referee giving a player two yellow cards (resulting in an ejection) for the same offence. One yellow card for the violent conduct and another one for not preventing the foul, to start with.

 

[John Broomfield]

All I am questioning is the need for OFIs.

They seem to be issued to:

1. Suggest improvements
2. Warn of an impending nonconformity
3. Flag a suspected system weakness but insufficient time to investigate

1. Is not audit unless the documented audit objective (approved by the audit client) includes “suggest improvements”.

Both 2 and 3 should be investigated further by the auditee but OFIs come with no such obligation.

Perhaps auditors should be authorized by the audit client to issue Preventive Action Requests or use some other tool so the auditee continues to investigate situation 2 or 3 to protect the interests of stakeholders?

 

[ISO_Man]

On the OFI subject..........There's a major, major Petrochemical company (it's research & product development portion) that doesn't use the term nonconformity, in all cases of something negative or questionable (or broken) they use OFI as a means of reducing negativity and all OFI's are handled as if they were NC's, every one of them (cause, investigation, short term & long term fix/solution).. Kinda fun and always something to review.

I get that - I even started calling internal audits "Assessments" once to reduce the anxiety which made people do anything that they could to avoid audits (I had people calling in sick during the audit days to avoid talking to auditors). But OFIs have to be re-defined internally as mandatory, people tend to interpret them as "nice to have" and they are de-prioritized. I think I'm just going to start making any internal issue a NC going forward.

 

[ISO_Man]

It's a cultural change whatever we call them - people think OFIs are optional -- that needs to change.

 

[Mike S.]

It's a cultural change whatever we call them - people think OFIs are optional -- that needs to change.

Respectfully disagree. Making an OFI a requirement is a fast way to prevent OFIs from being listed. It's kinda an oxymoron.

Look, every single company in existence has areas where they could improve. Let's say an internal audit is done. Some of those areas discovered are violations of a requirement (QMS, legal, ethical, safety, whatever) making improvement necessary. Some of those are areas where it appears to the observer an improvement could be made but no violation of a requirements exists. IMO very few, if any, companies implement every single OFI that exists. And that's okay.

Forget audits.... Imagine a suggestion program -- a company solicits improvement ideas from employees. Maybe they get 50 ideas that, if implemented, would result in improvement, but they don't have the resources to do all 50, but they apply the Pareto principle and apply the 10 that give them 80% of the improvement. Is that bad because they failed to implement them all? NO!

 

[Tyranna]

Yes, some findings are positive and we should ensure these appear in the report. Follow up is important too.

What interests me is an auditor sensing an opportunity for improvement but ignoring why the system itself had not already done this.

One might ask questions on continuous improvement, such as "does the organization have a method for driving continuous improvement within the company?" Perhaps we are speaking of this situation? It is not for me, as an internal auditor, to assume if I discovered an OFI, that the organization was remiss in some fashion for not also discovering such. Many times it can come down to "not seeing the forest for the trees" or "that's the way we have always done it". Perhaps the organization is not aware that there are newer methods for doing such. I believe it is part of my job to promote improvement and sometimes that includes guiding an organization to the realization that there may be a more efficient, cost effective way of doing a task. I cannot "make" the auditee enact an OFI, but I can ask did they consider it and if so, why it wasn't enacted. I usually learn something for my own benefit. The fact that the org. would consider an OFI is telling me as an auditor that they are serious about improvement.

My present company enters every externally made OFI into our corrective action system and a group is assigned to review it. A root cause, corrective action - benefit analysis is entered and a summary of the review of the OFI is included. The resultant action can be a continuous improvement project is enacted, or no action taken, or it may be that the issue moves to management review for consideration (if it is costly in dollars or resources). We track all of OFIs from the external auditors as we are paying for their expertise. (unfortunately we have not made that transition over to the internal audit process as of yet, but I am working on it).

 

[Randy]

For the newer guys (and gals) all I do is audit, that's it, audit, well over 100 days every year for the last 19 years or so, audit. As an auditor I'm obligated by the requirements of the CB I represent, the requirements of the Accreditation Body for the CB, and requirement set forth by the IAF governing pretty much everything. None of those multiple requirements mandate my issuing OFI's but they do require me to provide statements of conformance, effectiveness and nonconformity. OFI's are an unmarked minefield for CB auditors that I choose not to tread, and as such I might make verbal comment, but that's it, and the folks I'm with know without a doubt not to listen to my mutterings and ramblings.

Internal auditors are a different creature by having greater flexibility in how they are to conduct their work and what their output should be, so if they are obligated to find OFI's that's fine as long as they can paint a picture showing the difference between them and nonconformity other than the example in a previous posting above.....Everything is an opportunity, but managed as something needing correction.

I'm rambling, all the OFI, NC and everything is is like Porn, it defies specific description but you know it when you see it.

 

[ISO_Man]

Tell your auditor to bite you (I was actually told that once, we laughed and moved on).

As has been stated, it's not required that you even mention the relevant standard itself (Did a certification just before Christmas and there was no mention anywhere of the standard we were going by, raised questions, but not a problem).

I'm add that statement (about the standard not being required) into my corrective actions.

Respectfully disagree. Making an OFI a requirement is a fast way to prevent OFIs from being listed. It's kinda an oxymoron.

Look, every single company in existence has areas where they could improve. Let's say an internal audit is done. Some of those areas discovered are violations of a requirement (QMS, legal, ethical, safety, whatever) making improvement necessary. Some of those are areas where it appears to the observer an improvement could be made but no violation of a requirements exists. IMO very few, if any, companies implement every single OFI that exists. And that's okay.

Forget audits.... Imagine a suggestion program -- a company solicits improvement ideas from employees. Maybe they get 50 ideas that, if implemented, would result in improvement, but they don't have the resources to do all 50, but they apply the Pareto principle and apply the 10 that give them 80% of the improvement. Is that bad because they failed to impleme



Thanks for weighing in - I've worked for companies that have the kind of suggestion programs that you mentioned. They have to be very well-staffed and include a strong commitment from leadership or they go nowhere. I worked for an American division of a very large German company and the program was promoted heavily and about 95% of the suggestions were dismissed by the approval board for typical reasons (too much cost, tried this before... not feasible...) and people just stopped submitting ideas. But hope springs eternal, right?