Nonconformity's risk is too low, so don't report it?

leaning

Involved In Discussions
#1
In the ASQ Auditing Handbook, it states:
The risk-benefit ratio is a method of analyzing the risk of reporting (based on the sample) or not reporting compared to the benefit to be gained by reporting or not reporting an area of concern.
Does this ever apply to noncomformities? Do you always report all nonconformities? Does anyone have an example of a nonconformity that is not reported because it has a low risk?

Thanks for your help!

Regards,
leaning
 

Marc

Retired Old Goat
Staff member
Admin
#3
<snip> Do you always report all nonconformities? <snip>
Yes, you do. "Level" of risk has nothing to do with noncomformances. If it is, it is.

While Randy's post is Dilbert amusing, I am sure you are not referring to such a minor "nonconformance".

:2cents:
 

leaning

Involved In Discussions
#4
Randy,

That's perfect! Thanks! (I could think of many OFI/good practices/recommendations to the auditee that an auditor can elect not to report because of risk (the book uses the example of a misspelled word that is on many procedures, and would cost too much time and money to fix), but I couldn't think of a good "contrary to audit evidence" nonconformity example. That works great.) :)
 

Marc

Retired Old Goat
Staff member
Admin
#5
<snip> I could think of many OFI/good practices/recommendations <snip>
A nonconformance is a nonconformance.

OFI/good practices/recommendations are not requirements unless the company specifies them as such. And if they are, a nonconformance is a nonconformance.

As to the ASQ's "ASQ Auditing Handbook", it apparently is saying if you find a nonconformance and you don't think it's important don't report it. Now, how much sense does that make?

I understand the desire to bring in "risk based", but - If it is not essential, for what ever reason, why is it a documented requirement and/or policy? If there is no reason for it, get rid of it.

:2cents:
 

AndyN

A problem shared...
Staff member
Super Moderator
#6
In the ASQ Auditing Handbook, it states:
The risk-benefit ratio is a method of analyzing the risk of reporting (based on the sample) or not reporting compared to the benefit to be gained by reporting or not reporting an area of concern.
Does this ever apply to noncomformities? Do you always report all nonconformities? Does anyone have an example of a nonconformity that is not reported because it has a low risk?
Part of the problem with quality systems auditing is, that the model of how to report something is based on external (2nd and 3rd party) audit practices. Internal audits shouldn't follow this model. Writing nonconformities, grading them, expecting root cause are all inappropriate for internal audits. Randy's really trying to propose that some things just need fixing. Write it in the report, "we found it, it was fixed". Don't force everything down the throat of root cause etc. it's just not worth it. It MIGHT be worthwhile to consider risk, but the auditor is going to have to do a lot of analysis to support this approach.
 
#8
Randy,

That's perfect! Thanks! (I could think of many OFI/good practices/recommendations to the auditee that an auditor can elect not to report because of risk (the book uses the example of a misspelled word that is on many procedures, and would cost too much time and money to fix), but I couldn't think of a good "contrary to audit evidence" nonconformity example. That works great.) :)
If someone gives you any bunk point them to this part of ISO 9001:2015, 10.2.1 "Corrective actions shall be appropriate to the effects of the nonconformities encountered."

And guess who gets to determine "appropriate"? You do!
 

leaning

Involved In Discussions
#10
“Contrary to Section 5.2 of the organizational Electricity Reduction Plan which states that all lighting is to be turned off if a room (especially closets, restrooms, breakrooms, etc.) is unoccupied, the overhead light was left on for 47 minutes in the men’s restroom, Building 2, Hallway B.” :D
 

Top Bottom