Non-Conformance vs OFI -- your best descriptions

[Tyranna]

For the newer guys (and gals) all I do is audit, that's it, audit, well over 100 days every year for the last 19 years or so, audit. As an auditor I'm obligated by the requirements of the CB I represent, the requirements of the Accreditation Body for the CB, and requirement set forth by the IAF governing pretty much everything. None of those multiple requirements mandate my issuing OFI's but they do require me to provide statements of conformance, effectiveness and nonconformity. OFI's are an unmarked minefield for CB auditors that I choose not to tread, and as such I might make verbal comment, but that's it, and the folks I'm with know without a doubt not to listen to my mutterings and ramblings.

Internal auditors are a different creature by having greater flexibility in how they are to conduct their work and what their output should be, so if they are obligated to find OFI's that's fine as long as they can paint a picture showing the difference between them and nonconformity other than the example in a previous posting above.....Everything is an opportunity, but managed as something needing correction.

I'm rambling, all the OFI, NC and everything is is like Porn, it defies specific description but you know it when you see it.

I am glad our company has adopted the approach of treating OFIs as something to be considered. I hear from so many people that OFIs are treated as "no need to answer" so aren't given much weight because "we are busy, etc." As an internal auditor (thinking of moving over to the dark side , it is nice to see an OFI implemented that has positive results when visiting back a year later although I am not obligated to find them. I am pretty sure most departments would prefer that I not include them in my reports as implementation of new ideas takes away from regular work.

 

[Ed Panek]

It may be cheating but we use OFIs and if we implement them we do so as Preventive Actions since they are usually preventive in observation. When our auditor arrives this means we have corrective and preventive actions aplenty.

 

[Jim Wynne]

What interests me is an auditor sensing an opportunity for improvement but ignoring why the system itself had not already done this.

Do you audit the system to show why it failed to initiate the improvements you’d like to suggest?

At this point it's impossible to tell whether people are referring to internal audits (the topic of this thread) or second/third party audits. They are very different animals and should be treated separately. If you're referring to internal audits, the idea that auditors exist outside of "the system" is very misguided. Internal auditors are integral parts of the system.

There's a lot about this topic that depends on the culture of the organization. For instance, if an internal auditor were to observe and document an opportunity to improve the efficiency of a process, the process owner might get hit over the head for not having thought of it himself. Understanding the culture and how to function within it is a key part of being a competent internal auditor.

 

[normzone]

Huzzah!

I have worked with outside auditors who made it clear all OFI would be verbal and off the record - it was up to you to make note of it and decide if it was valuable counsel or not.

 

[ISO_Man]

Huzzah!

I have worked with outside auditors who made it clear all OFI would be verbal and off the record - it was up to you to make note of it and decide if it was valuable counsel or not.

That would make it easier - I make all of the OFIs from my external audits internal NCs because our auditor is pretty opinionated and bitchy so if he comes back the next year and they're not done he's a bit difficult to deal with.

 

[Randy]

That would make it easier - I make all of the OFIs from my external audits internal NCs because our auditor is pretty opinionated and bitchy so if he comes back the next year and they're not done he's a bit difficult to deal with.

Well here's how you deal with him.....You're not obligated to deal with him, just politely invite him to leave and ask your CB for someone less bitchy, or better yet, thank the CB for their services and get another one. I'm doing a certificate transfer this week almost precisely for that reason ( or similar + 1 or 2 others)

 

[normzone]

That would make it easier - I make all of the OFIs from my external audits internal NCs because our auditor is pretty opinionated and bitchy so if he comes back the next year and they're not done he's a bit difficult to deal with.

Oh ... I know him and his brethren. On the other hand, sometimes they lose interest by the time the next audit comes around, and have a new set of pet peeves.

The fellow I'm thinking of is out of the game - but others like him still in it. This relates back to soft grading, and stating N/Cs as OFIs, then having to call an N/C an N/C the following year. [Randy] makes a good point, and I've seen the same phenom.

 

[ISO_Man]

Yep - I have a list of OFIs that were written internally that should have been NCs and now I have to re-train the internal folks as to which is which. It's hard to find a good checklist to teach with.

 

[pziemlewicz]

When the observation does not meet the standard, I write the NCR.
When the observation is shows a susceptibility that might lead to future NCR, I write an OFI.

Also, I've always reviewed the reports of my internal auditors and signed off before finalization. During this process, I adjust the findings as needed, ask for more evidence, etc. Over time, I've seen hard- and easy-graders, and this process has been my best weapon to align expectations and results across multiple people.

 

[tony s]

I will issue an NC if the audit evidence failed to support the audit criteria i.e. "non-fulfillment of a requirement".

I find the definition of the Rules for Achieving IATF Recognition 5th ed. handy in issuing OFIs. The Rules defined an OFI as "a situation where the evidence presented indicates a requirement has been effectively implemented, but based on auditor experience and knowledge, additional effectiveness or robustness might be possible with a modified approach". This would mean that OFIs are conformity findings and are not situations that will lead to potential NC.

Since the ISO 19011 definition of an Audit Finding mentioned "Audit findings can lead to the identification of risks, opportunities for improvement or recording good practices", an auditor can report an identified risk to prevent a potential nonconformity.